From f1b25ab6471742cdcb2546cfeb9e26670b93daa1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:14:47 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0378.json | 140 +++++----- 2001/0xxx/CVE-2001-0559.json | 170 ++++++------ 2001/0xxx/CVE-2001-0577.json | 140 +++++----- 2001/0xxx/CVE-2001-0606.json | 130 ++++----- 2001/0xxx/CVE-2001-0659.json | 150 +++++------ 2001/0xxx/CVE-2001-0951.json | 150 +++++------ 2001/1xxx/CVE-2001-1008.json | 140 +++++----- 2001/1xxx/CVE-2001-1050.json | 140 +++++----- 2001/1xxx/CVE-2001-1440.json | 160 +++++------ 2006/2xxx/CVE-2006-2014.json | 180 ++++++------- 2006/2xxx/CVE-2006-2373.json | 250 +++++++++--------- 2006/2xxx/CVE-2006-2661.json | 350 ++++++++++++------------ 2006/2xxx/CVE-2006-2936.json | 410 ++++++++++++++--------------- 2008/5xxx/CVE-2008-5606.json | 150 +++++------ 2011/3xxx/CVE-2011-3283.json | 140 +++++----- 2011/3xxx/CVE-2011-3494.json | 130 ++++----- 2011/3xxx/CVE-2011-3591.json | 150 +++++------ 2011/3xxx/CVE-2011-3648.json | 160 +++++------ 2011/3xxx/CVE-2011-3782.json | 140 +++++----- 2011/4xxx/CVE-2011-4815.json | 270 +++++++++---------- 2013/0xxx/CVE-2013-0021.json | 140 +++++----- 2013/0xxx/CVE-2013-0598.json | 140 +++++----- 2013/0xxx/CVE-2013-0616.json | 190 ++++++------- 2013/1xxx/CVE-2013-1489.json | 270 +++++++++---------- 2013/1xxx/CVE-2013-1721.json | 220 ++++++++-------- 2013/1xxx/CVE-2013-1932.json | 34 +-- 2013/5xxx/CVE-2013-5627.json | 34 +-- 2013/5xxx/CVE-2013-5823.json | 330 +++++++++++------------ 2013/5xxx/CVE-2013-5969.json | 34 +-- 2014/2xxx/CVE-2014-2367.json | 120 ++++----- 2014/2xxx/CVE-2014-2796.json | 160 +++++------ 2017/0xxx/CVE-2017-0470.json | 158 +++++------ 2017/0xxx/CVE-2017-0643.json | 140 +++++----- 2017/0xxx/CVE-2017-0797.json | 132 +++++----- 2017/1000xxx/CVE-2017-1000382.json | 132 +++++----- 2017/12xxx/CVE-2017-12259.json | 140 +++++----- 2017/12xxx/CVE-2017-12307.json | 130 ++++----- 2017/16xxx/CVE-2017-16182.json | 132 +++++----- 2017/16xxx/CVE-2017-16656.json | 34 +-- 2017/16xxx/CVE-2017-16933.json | 120 ++++----- 2017/4xxx/CVE-2017-4433.json | 34 +-- 2017/4xxx/CVE-2017-4655.json | 34 +-- 2017/4xxx/CVE-2017-4821.json | 34 +-- 2018/5xxx/CVE-2018-5962.json | 120 ++++----- 44 files changed, 3331 insertions(+), 3331 deletions(-) diff --git a/2001/0xxx/CVE-2001-0378.json b/2001/0xxx/CVE-2001-0378.json index 12ebf9700d1..ec2e39311c2 100644 --- a/2001/0xxx/CVE-2001-0378.json +++ b/2001/0xxx/CVE-2001-0378.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch" - }, - { - "name" : "bsd-readline-permissions(6586)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6586" - }, - { - "name" : "5680", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch", + "refsource": "CONFIRM", + "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch" + }, + { + "name": "5680", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5680" + }, + { + "name": "bsd-readline-permissions(6586)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6586" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0559.json b/2001/0xxx/CVE-2001-0559.json index 59e035721a8..f57f8039e24 100644 --- a/2001/0xxx/CVE-2001-0559.json +++ b/2001/0xxx/CVE-2001-0559.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010507 Vixie cron vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/183029" - }, - { - "name" : "DSA-054", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-054" - }, - { - "name" : "MDKSA-2001:050", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-050.php3" - }, - { - "name" : "SuSE-SA:2001:17", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2001_017_cron_txt.html" - }, - { - "name" : "2687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2687" - }, - { - "name" : "vixie-cron-gain-privileges(6508)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2001:050", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-050.php3" + }, + { + "name": "SuSE-SA:2001:17", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2001_017_cron_txt.html" + }, + { + "name": "20010507 Vixie cron vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/183029" + }, + { + "name": "DSA-054", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-054" + }, + { + "name": "2687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2687" + }, + { + "name": "vixie-cron-gain-privileges(6508)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6508" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0577.json b/2001/0xxx/CVE-2001-0577.json index f97ba35dda2..223b24ed9a0 100644 --- a/2001/0xxx/CVE-2001-0577.json +++ b/2001/0xxx/CVE-2001-0577.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010327 SCO 5.0.6 issues (recon) ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0410.html" - }, - { - "name" : "20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes", - "refsource" : "BUGTRAQ", - "url" : "http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html" - }, - { - "name" : "sco-openserver-recon-bo(6289)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sco-openserver-recon-bo(6289)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6289" + }, + { + "refsource": "BUGTRAQ", + "name": "20010327 SCO 5.0.6 issues (recon)", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0410.html" + }, + { + "name": "20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes", + "refsource": "BUGTRAQ", + "url": "http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0606.json b/2001/0xxx/CVE-2001-0606.json index af6d90f1041..ebdcd5d0b5a 100644 --- a/2001/0xxx/CVE-2001-0606.json +++ b/2001/0xxx/CVE-2001-0606.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0102-139", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2001-q1/0041.html" - }, - { - "name" : "hp-virtualvault-iws-dos(6110)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-virtualvault-iws-dos(6110)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6110" + }, + { + "name": "HPSBUX0102-139", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2001-q1/0041.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0659.json b/2001/0xxx/CVE-2001-0659.json index 82924e73f66..170e2e8e087 100644 --- a/2001/0xxx/CVE-2001-0659.json +++ b/2001/0xxx/CVE-2001-0659.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010821 IrDA semiremote vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/209385" - }, - { - "name" : "MS01-046", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-046" - }, - { - "name" : "win2k-irda-dos(7008)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7008" - }, - { - "name" : "3215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010821 IrDA semiremote vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/209385" + }, + { + "name": "3215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3215" + }, + { + "name": "MS01-046", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-046" + }, + { + "name": "win2k-irda-dos(7008)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7008" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0951.json b/2001/0xxx/CVE-2001-0951.json index b6e31c95aac..c0392e20e1c 100644 --- a/2001/0xxx/CVE-2001-0951.json +++ b/2001/0xxx/CVE-2001-0951.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011207 UDP DoS attack in Win2k via IKE", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100774842520403&w=2" - }, - { - "name" : "20011211 UDP DoS attack in Win2k via IKE", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100813081913496&w=2" - }, - { - "name" : "win2k-ike-dos(7667)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7667" - }, - { - "name" : "3652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "win2k-ike-dos(7667)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7667" + }, + { + "name": "20011207 UDP DoS attack in Win2k via IKE", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100774842520403&w=2" + }, + { + "name": "20011211 UDP DoS attack in Win2k via IKE", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100813081913496&w=2" + }, + { + "name": "3652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3652" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1008.json b/2001/1xxx/CVE-2001-1008.json index 54e875588da..d12d8f4b74e 100644 --- a/2001/1xxx/CVE-2001-1008.json +++ b/2001/1xxx/CVE-2001-1008.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010824 Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.html" - }, - { - "name" : "3245", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3245" - }, - { - "name" : "javaplugin-jre-expired-certificate(7048)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7048.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3245", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3245" + }, + { + "name": "javaplugin-jre-expired-certificate(7048)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7048.php" + }, + { + "name": "20010824 Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1050.json b/2001/1xxx/CVE-2001-1050.json index 79b6e93dd06..18249c62a83 100644 --- a/2001/1xxx/CVE-2001-1050.json +++ b/2001/1xxx/CVE-2001-1050.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011002 results of semi-automatic source code audit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html" - }, - { - "name" : "3389", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3389" - }, - { - "name" : "php-includedir-code-execution(7215)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011002 results of semi-automatic source code audit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html" + }, + { + "name": "3389", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3389" + }, + { + "name": "php-includedir-code-execution(7215)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7215" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1440.json b/2001/1xxx/CVE-2001-1440.json index fb07d0553af..9b608acfe70 100644 --- a/2001/1xxx/CVE-2001-1440.json +++ b/2001/1xxx/CVE-2001-1440.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY26302", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY26302&apar=only" - }, - { - "name" : "VU#249491", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/249491" - }, - { - "name" : "1003038", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1003038" - }, - { - "name" : "6839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6839" - }, - { - "name" : "aix-login-unauth-access(8269)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#249491", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/249491" + }, + { + "name": "IY26302", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY26302&apar=only" + }, + { + "name": "6839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6839" + }, + { + "name": "aix-login-unauth-access(8269)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8269" + }, + { + "name": "1003038", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1003038" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2014.json b/2006/2xxx/CVE-2006-2014.json index 2010702b24f..121165d4502 100644 --- a/2006/2xxx/CVE-2006-2014.json +++ b/2006/2xxx/CVE-2006-2014.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via \"..\" sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. NOTE: this issue could be used to produce resultant XSS from an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17667", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17667" - }, - { - "name" : "17672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17672" - }, - { - "name" : "ADV-2006-1487", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1487" - }, - { - "name" : "24897", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24897" - }, - { - "name" : "1015972", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015972" - }, - { - "name" : "19792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19792" - }, - { - "name" : "slsite-gallerie-directory-traversal(26037)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26037" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via \"..\" sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. NOTE: this issue could be used to produce resultant XSS from an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17672" + }, + { + "name": "1015972", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015972" + }, + { + "name": "24897", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24897" + }, + { + "name": "ADV-2006-1487", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1487" + }, + { + "name": "19792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19792" + }, + { + "name": "slsite-gallerie-directory-traversal(26037)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26037" + }, + { + "name": "17667", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17667" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2373.json b/2006/2xxx/CVE-2006-2373.json index 24680b49435..d90ab0a9e02 100644 --- a/2006/2xxx/CVE-2006-2373.json +++ b/2006/2xxx/CVE-2006-2373.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the \"SMB Driver Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-2373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060613 Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=408" - }, - { - "name" : "MS06-030", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030" - }, - { - "name" : "18356", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18356" - }, - { - "name" : "ADV-2006-2327", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2327" - }, - { - "name" : "26440", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26440" - }, - { - "name" : "oval:org.mitre.oval:def:1137", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1137" - }, - { - "name" : "oval:org.mitre.oval:def:1730", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1730" - }, - { - "name" : "oval:org.mitre.oval:def:1792", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1792" - }, - { - "name" : "oval:org.mitre.oval:def:1904", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1904" - }, - { - "name" : "oval:org.mitre.oval:def:1942", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1942" - }, - { - "name" : "oval:org.mitre.oval:def:2007", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2007" - }, - { - "name" : "1016288", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016288" - }, - { - "name" : "20635", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20635" - }, - { - "name" : "win-smb-privilege-escalation(26828)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the \"SMB Driver Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016288", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016288" + }, + { + "name": "oval:org.mitre.oval:def:1942", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1942" + }, + { + "name": "20060613 Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=408" + }, + { + "name": "oval:org.mitre.oval:def:1730", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1730" + }, + { + "name": "ADV-2006-2327", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2327" + }, + { + "name": "oval:org.mitre.oval:def:1137", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1137" + }, + { + "name": "26440", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26440" + }, + { + "name": "18356", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18356" + }, + { + "name": "MS06-030", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030" + }, + { + "name": "oval:org.mitre.oval:def:2007", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2007" + }, + { + "name": "oval:org.mitre.oval:def:1792", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1792" + }, + { + "name": "oval:org.mitre.oval:def:1904", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1904" + }, + { + "name": "20635", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20635" + }, + { + "name": "win-smb-privilege-escalation(26828)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26828" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2661.json b/2006/2xxx/CVE-2006-2661.json index f8ba2ec946a..0119d719a88 100644 --- a/2006/2xxx/CVE-2006-2661.json +++ b/2006/2xxx/CVE-2006-2661.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060612 rPSA-2006-0100-1 freetype", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436836/100/0/threaded" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183676", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183676" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-429", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-429" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm" - }, - { - "name" : "DSA-1095", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1095" - }, - { - "name" : "MDKSA-2006:099", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:099" - }, - { - "name" : "RHSA-2006:0500", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0500.html" - }, - { - "name" : "20060701-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U" - }, - { - "name" : "102705", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1" - }, - { - "name" : "SUSE-SA:2006:037", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html" - }, - { - "name" : "USN-291-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/291-1/" - }, - { - "name" : "18329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18329" - }, - { - "name" : "oval:org.mitre.oval:def:11692", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11692" - }, - { - "name" : "ADV-2007-0381", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0381" - }, - { - "name" : "1016520", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016520" - }, - { - "name" : "20525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20525" - }, - { - "name" : "20591", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20591" - }, - { - "name" : "20638", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20638" - }, - { - "name" : "20791", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20791" - }, - { - "name" : "21062", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21062" - }, - { - "name" : "21135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21135" - }, - { - "name" : "21385", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21385" - }, - { - "name" : "21701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21701" - }, - { - "name" : "23939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183676", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183676" + }, + { + "name": "SUSE-SA:2006:037", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html" + }, + { + "name": "20791", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20791" + }, + { + "name": "oval:org.mitre.oval:def:11692", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11692" + }, + { + "name": "102705", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1" + }, + { + "name": "18329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18329" + }, + { + "name": "20525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20525" + }, + { + "name": "21701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21701" + }, + { + "name": "USN-291-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/291-1/" + }, + { + "name": "21385", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21385" + }, + { + "name": "20060612 rPSA-2006-0100-1 freetype", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436836/100/0/threaded" + }, + { + "name": "21135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21135" + }, + { + "name": "RHSA-2006:0500", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0500.html" + }, + { + "name": "23939", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23939" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm" + }, + { + "name": "20591", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20591" + }, + { + "name": "20638", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20638" + }, + { + "name": "1016520", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016520" + }, + { + "name": "ADV-2007-0381", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0381" + }, + { + "name": "https://issues.rpath.com/browse/RPL-429", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-429" + }, + { + "name": "20060701-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U" + }, + { + "name": "21062", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21062" + }, + { + "name": "MDKSA-2006:099", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:099" + }, + { + "name": "DSA-1095", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1095" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2936.json b/2006/2xxx/CVE-2006-2936.json index 265317f1e01..69a3fbd7856 100644 --- a/2006/2xxx/CVE-2006-2936.json +++ b/2006/2xxx/CVE-2006-2936.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-2936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060717 rPSA-2006-0130-1 kernel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440300/100/0/threaded" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/gregkh/patches.git;a=blob;h=4b4d9cfea17618b80d3ac785b701faeaf60141f1;hb=396eb2aac550ec55856c6843ef9017e800c3d656", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/gregkh/patches.git;a=blob;h=4b4d9cfea17618b80d3ac785b701faeaf60141f1;hb=396eb2aac550ec55856c6843ef9017e800c3d656" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197610", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197610" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm" - }, - { - "name" : "DSA-1184", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1184" - }, - { - "name" : "MDKSA-2006:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150" - }, - { - "name" : "MDKSA-2006:151", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:151" - }, - { - "name" : "RHSA-2006:0617", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0617.html" - }, - { - "name" : "SUSE-SA:2007:018", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_18_kernel.html" - }, - { - "name" : "SUSE-SA:2007:021", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_21_kernel.html" - }, - { - "name" : "SUSE-SA:2007:030", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_30_kernel.html" - }, - { - "name" : "SUSE-SA:2007:035", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_35_kernel.html" - }, - { - "name" : "USN-331-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-331-1" - }, - { - "name" : "USN-346-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-346-1" - }, - { - "name" : "19033", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19033" - }, - { - "name" : "oval:org.mitre.oval:def:10265", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10265" - }, - { - "name" : "ADV-2006-2841", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2841" - }, - { - "name" : "27119", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27119" - }, - { - "name" : "20703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20703" - }, - { - "name" : "21057", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21057" - }, - { - "name" : "21298", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21298" - }, - { - "name" : "21605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21605" - }, - { - "name" : "21614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21614" - }, - { - "name" : "22093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22093" - }, - { - "name" : "22174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22174" - }, - { - "name" : "21934", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21934" - }, - { - "name" : "24547", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24547" - }, - { - "name" : "25683", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25683" - }, - { - "name" : "25226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25226" - }, - { - "name" : "linux-ftdi-sio-dos(27807)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/gregkh/patches.git;a=blob;h=4b4d9cfea17618b80d3ac785b701faeaf60141f1;hb=396eb2aac550ec55856c6843ef9017e800c3d656", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/gregkh/patches.git;a=blob;h=4b4d9cfea17618b80d3ac785b701faeaf60141f1;hb=396eb2aac550ec55856c6843ef9017e800c3d656" + }, + { + "name": "20703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20703" + }, + { + "name": "USN-331-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-331-1" + }, + { + "name": "21934", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21934" + }, + { + "name": "linux-ftdi-sio-dos(27807)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27807" + }, + { + "name": "19033", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19033" + }, + { + "name": "27119", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27119" + }, + { + "name": "ADV-2006-2841", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2841" + }, + { + "name": "RHSA-2006:0617", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0617.html" + }, + { + "name": "21298", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21298" + }, + { + "name": "21057", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21057" + }, + { + "name": "21605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21605" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197610", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197610" + }, + { + "name": "MDKSA-2006:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150" + }, + { + "name": "SUSE-SA:2007:021", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_21_kernel.html" + }, + { + "name": "MDKSA-2006:151", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:151" + }, + { + "name": "25226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25226" + }, + { + "name": "21614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21614" + }, + { + "name": "25683", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25683" + }, + { + "name": "22174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22174" + }, + { + "name": "oval:org.mitre.oval:def:10265", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10265" + }, + { + "name": "USN-346-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-346-1" + }, + { + "name": "SUSE-SA:2007:018", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_18_kernel.html" + }, + { + "name": "24547", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24547" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm" + }, + { + "name": "SUSE-SA:2007:030", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_30_kernel.html" + }, + { + "name": "SUSE-SA:2007:035", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_35_kernel.html" + }, + { + "name": "22093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22093" + }, + { + "name": "20060717 rPSA-2006-0130-1 kernel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440300/100/0/threaded" + }, + { + "name": "DSA-1184", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1184" + } + ] + } +} \ No newline at end of file diff --git a/2008/5xxx/CVE-2008-5606.json b/2008/5xxx/CVE-2008-5606.json index 40f286109da..feda6ebb426 100644 --- a/2008/5xxx/CVE-2008-5606.json +++ b/2008/5xxx/CVE-2008-5606.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-5606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-5606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7376", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7376" - }, - { - "name" : "33008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33008" - }, - { - "name" : "4764", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4764" - }, - { - "name" : "qmailmlm-qmail-info-disclosure(47152)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4764", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4764" + }, + { + "name": "33008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33008" + }, + { + "name": "qmailmlm-qmail-info-disclosure(47152)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47152" + }, + { + "name": "7376", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7376" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3283.json b/2011/3xxx/CVE-2011-3283.json index 7b4a7a4e9ee..4ed8aeea134 100644 --- a/2011/3xxx/CVE-2011-3283.json +++ b/2011/3xxx/CVE-2011-3283.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a denial of service (Metro subsystem crash) via a fragmented GRE packet, aka Bug ID CSCts14887." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-3283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/cisco/software/release.html?mdfid=280777815&softwareid=280867577&release=3.9.1", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/cisco/software/release.html?mdfid=280777815&softwareid=280867577&release=3.9.1" - }, - { - "name" : "1027006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027006" - }, - { - "name" : "cisco-carrier-gre-dos(75341)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a denial of service (Metro subsystem crash) via a fragmented GRE packet, aka Bug ID CSCts14887." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-carrier-gre-dos(75341)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75341" + }, + { + "name": "1027006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027006" + }, + { + "name": "http://www.cisco.com/cisco/software/release.html?mdfid=280777815&softwareid=280867577&release=3.9.1", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/cisco/software/release.html?mdfid=280777815&softwareid=280867577&release=3.9.1" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3494.json b/2011/3xxx/CVE-2011-3494.json index ce4df4bde2a..a3f7cc137db 100644 --- a/2011/3xxx/CVE-2011-3494.json +++ b/2011/3xxx/CVE-2011-3494.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/esignal_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/esignal_1-adv.txt" - }, - { - "name" : "45966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/esignal_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/esignal_1-adv.txt" + }, + { + "name": "45966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45966" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3591.json b/2011/3xxx/CVE-2011-3591.json index 4bbbb14d41e..ee238a6e3e9 100644 --- a/2011/3xxx/CVE-2011-3591.json +++ b/2011/3xxx/CVE-2011-3591.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110930 Re: CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/30/8" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=738681", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=738681" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/bda213c58aec44925be661acb0e76c19483ea170", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/bda213c58aec44925be661acb0e76c19483ea170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/bda213c58aec44925be661acb0e76c19483ea170", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/bda213c58aec44925be661acb0e76c19483ea170" + }, + { + "name": "[oss-security] 20110930 Re: CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/30/8" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=738681", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738681" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3648.json b/2011/3xxx/CVE-2011-3648.json index df7241716cc..25fa3085feb 100644 --- a/2011/3xxx/CVE-2011-3648.json +++ b/2011/3xxx/CVE-2011-3648.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-47.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-47.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=690225", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=690225" - }, - { - "name" : "RHSA-2011:1439", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1439.html" - }, - { - "name" : "SUSE-SU-2011:1256", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html" - }, - { - "name" : "oval:org.mitre.oval:def:14212", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:1439", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1439.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=690225", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=690225" + }, + { + "name": "oval:org.mitre.oval:def:14212", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14212" + }, + { + "name": "SUSE-SU-2011:1256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-47.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-47.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3782.json b/2011/3xxx/CVE-2011-3782.json index e10a5ea19b2..7408b46dc9f 100644 --- a/2011/3xxx/CVE-2011-3782.json +++ b/2011/3xxx/CVE-2011-3782.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpLD 2-151.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libs/smarty/Smarty_Compiler.class.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpld-2-151.2.0", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpld-2-151.2.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpLD 2-151.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libs/smarty/Smarty_Compiler.class.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpld-2-151.2.0", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpld-2-151.2.0" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4815.json b/2011/4xxx/CVE-2011-4815.json index 52a577ecc1d..1e326067c73 100644 --- a/2011/4xxx/CVE-2011-4815.json +++ b/2011/4xxx/CVE-2011-4815.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" - }, - { - "name" : "[ruby-talk] 20111228 [ANN] ruby 1.8.7 patchlevel 357 released", - "refsource" : "MLIST", - "url" : "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606" - }, - { - "name" : "http://www.nruns.com/_downloads/advisory28122011.pdf", - "refsource" : "MISC", - "url" : "http://www.nruns.com/_downloads/advisory28122011.pdf" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2011-003.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2011-003.html" - }, - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/", - "refsource" : "CONFIRM", - "url" : "http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "RHSA-2012:0069", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0069.html" - }, - { - "name" : "RHSA-2012:0070", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0070.html" - }, - { - "name" : "VU#903934", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/903934" - }, - { - "name" : "JVN#90615481", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN90615481/index.html" - }, - { - "name" : "JVNDB-2012-000066", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html" - }, - { - "name" : "1026474", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026474" - }, - { - "name" : "47822", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47822" - }, - { - "name" : "47405", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47405" - }, - { - "name" : "ruby-hash-dos(72020)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47405", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47405" + }, + { + "name": "1026474", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026474" + }, + { + "name": "http://www.nruns.com/_downloads/advisory28122011.pdf", + "refsource": "MISC", + "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" + }, + { + "name": "47822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47822" + }, + { + "name": "RHSA-2012:0070", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0070.html" + }, + { + "name": "JVN#90615481", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN90615481/index.html" + }, + { + "name": "ruby-hash-dos(72020)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72020" + }, + { + "name": "VU#903934", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/903934" + }, + { + "name": "[ruby-talk] 20111228 [ANN] ruby 1.8.7 patchlevel 357 released", + "refsource": "MLIST", + "url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606" + }, + { + "name": "http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/", + "refsource": "CONFIRM", + "url": "http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/" + }, + { + "name": "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" + }, + { + "name": "RHSA-2012:0069", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0069.html" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + }, + { + "name": "JVNDB-2012-000066", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2011-003.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2011-003.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0021.json b/2013/0xxx/CVE-2013-0021.json index 074a4137444..25edcae7dd5 100644 --- a/2013/0xxx/CVE-2013-0021.json +++ b/2013/0xxx/CVE-2013-0021.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer vtable Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-0021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009" - }, - { - "name" : "TA13-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" - }, - { - "name" : "oval:org.mitre.oval:def:16483", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer vtable Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16483", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16483" + }, + { + "name": "MS13-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009" + }, + { + "name": "TA13-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0598.json b/2013/0xxx/CVE-2013-0598.json index 560076b93cf..b22a794b853 100644 --- a/2013/0xxx/CVE-2013-0598.json +++ b/2013/0xxx/CVE-2013-0598.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-0598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21648665", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21648665" - }, - { - "name" : "PM88185", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185" - }, - { - "name" : "clearquest-cve20130598-csrf(83611)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to hijack the authentication of arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM88185", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM88185" + }, + { + "name": "clearquest-cve20130598-csrf(83611)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83611" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648665" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0616.json b/2013/0xxx/CVE-2013-0616.json index b41d036e9d4..4cebe7cfd3e 100644 --- a/2013/0xxx/CVE-2013-0616.json +++ b/2013/0xxx/CVE-2013-0616.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-0616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "RHSA-2013:0150", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0150.html" - }, - { - "name" : "SUSE-SU-2013:0044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html" - }, - { - "name" : "SUSE-SU-2013:0047", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:0138", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html" - }, - { - "name" : "openSUSE-SU-2013:0193", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html" - }, - { - "name" : "oval:org.mitre.oval:def:16305", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html" + }, + { + "name": "oval:org.mitre.oval:def:16305", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16305" + }, + { + "name": "SUSE-SU-2013:0047", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html" + }, + { + "name": "openSUSE-SU-2013:0193", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html" + }, + { + "name": "openSUSE-SU-2013:0138", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-02.html" + }, + { + "name": "RHSA-2013:0150", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0150.html" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1489.json b/2013/1xxx/CVE-2013-1489.json index 77508570b5c..90a79f65f0e 100644 --- a/2013/1xxx/CVE-2013-1489.json +++ b/2013/1xxx/CVE-2013-1489.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the \"Very High\" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka \"Issue 53\" and the \"Java Security Slider\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130127 [SE-2012-01] An issue with new Java SE 7 security features", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Jan/241" - }, - { - "name" : "http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53", - "refsource" : "MISC", - "url" : "http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53" - }, - { - "name" : "http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/", - "refsource" : "MISC", - "url" : "http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/" - }, - { - "name" : "http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150", - "refsource" : "MISC", - "url" : "http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150" - }, - { - "name" : "http://www.scmagazine.com.au/News/330453,java-still-unsafe-new-flaws-discovered.aspx", - "refsource" : "MISC", - "url" : "http://www.scmagazine.com.au/News/330453,java-still-unsafe-new-flaws-discovered.aspx" - }, - { - "name" : "http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/", - "refsource" : "MISC", - "url" : "http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "HPSBUX02857", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101103", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "RHSA-2013:0237", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" - }, - { - "name" : "TA13-032A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" - }, - { - "name" : "VU#858729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/858729" - }, - { - "name" : "oval:org.mitre.oval:def:15906", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15906" - }, - { - "name" : "oval:org.mitre.oval:def:19171", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the \"Very High\" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka \"Issue 53\" and the \"Java Security Slider\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15906", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15906" + }, + { + "name": "20130127 [SE-2012-01] An issue with new Java SE 7 security features", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Jan/241" + }, + { + "name": "TA13-032A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" + }, + { + "name": "http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/", + "refsource": "MISC", + "url": "http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/" + }, + { + "name": "http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/", + "refsource": "MISC", + "url": "http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/" + }, + { + "name": "VU#858729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/858729" + }, + { + "name": "http://www.scmagazine.com.au/News/330453,java-still-unsafe-new-flaws-discovered.aspx", + "refsource": "MISC", + "url": "http://www.scmagazine.com.au/News/330453,java-still-unsafe-new-flaws-discovered.aspx" + }, + { + "name": "RHSA-2013:0237", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html" + }, + { + "name": "HPSBUX02857", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "HPSBMU02874", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "SSRT101103", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53", + "refsource": "MISC", + "url": "http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" + }, + { + "name": "http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150", + "refsource": "MISC", + "url": "http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "oval:org.mitre.oval:def:19171", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19171" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1721.json b/2013/1xxx/CVE-2013-1721.json index a38a7224228..12479bd703b 100644 --- a/2013/1xxx/CVE-2013-1721.json +++ b/2013/1xxx/CVE-2013-1721.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-78.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-78.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=890277", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=890277" - }, - { - "name" : "FEDORA-2013-16992", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html" - }, - { - "name" : "FEDORA-2013-17047", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html" - }, - { - "name" : "FEDORA-2013-17074", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html" - }, - { - "name" : "openSUSE-SU-2013:1491", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html" - }, - { - "name" : "openSUSE-SU-2013:1493", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html" - }, - { - "name" : "openSUSE-SU-2013:1499", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html" - }, - { - "name" : "USN-1951-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1951-1" - }, - { - "name" : "USN-1952-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1952-1" - }, - { - "name" : "oval:org.mitre.oval:def:18993", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:1491", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html" + }, + { + "name": "FEDORA-2013-16992", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html" + }, + { + "name": "FEDORA-2013-17074", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html" + }, + { + "name": "USN-1952-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1952-1" + }, + { + "name": "USN-1951-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1951-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=890277", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=890277" + }, + { + "name": "oval:org.mitre.oval:def:18993", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18993" + }, + { + "name": "FEDORA-2013-17047", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-78.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-78.html" + }, + { + "name": "openSUSE-SU-2013:1493", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html" + }, + { + "name": "openSUSE-SU-2013:1499", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1932.json b/2013/1xxx/CVE-2013-1932.json index 7901d9ac548..c1a5c379fe7 100644 --- a/2013/1xxx/CVE-2013-1932.json +++ b/2013/1xxx/CVE-2013-1932.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1932", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1932", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5627.json b/2013/5xxx/CVE-2013-5627.json index 7b85269be66..bdb64423830 100644 --- a/2013/5xxx/CVE-2013-5627.json +++ b/2013/5xxx/CVE-2013-5627.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5627", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5627", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5823.json b/2013/5xxx/CVE-2013-5823.json index c5414c548ea..d5f1043765c 100644 --- a/2013/5xxx/CVE-2013-5823.json +++ b/2013/5xxx/CVE-2013-5823.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "http://support.apple.com/kb/HT5982", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5982" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" - }, - { - "name" : "APPLE-SA-2013-10-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02943", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674031212883&w=2" - }, - { - "name" : "HPSBUX02944", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674073720143&w=2" - }, - { - "name" : "RHSA-2013:1440", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1440.html" - }, - { - "name" : "RHSA-2013:1447", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1447.html" - }, - { - "name" : "RHSA-2013:1451", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1451.html" - }, - { - "name" : "RHSA-2013:1505", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1505.html" - }, - { - "name" : "RHSA-2013:1507", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1507.html" - }, - { - "name" : "RHSA-2013:1508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1508.html" - }, - { - "name" : "RHSA-2013:1793", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1793.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1666", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" - }, - { - "name" : "SUSE-SU-2013:1677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2013:1663", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" - }, - { - "name" : "USN-2033-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2033-1" - }, - { - "name" : "USN-2089-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2089-1" - }, - { - "name" : "oval:org.mitre.oval:def:18783", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "oval:org.mitre.oval:def:18783", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18783" + }, + { + "name": "RHSA-2013:1447", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html" + }, + { + "name": "RHSA-2013:1440", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html" + }, + { + "name": "USN-2033-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2033-1" + }, + { + "name": "USN-2089-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2089-1" + }, + { + "name": "RHSA-2013:1508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html" + }, + { + "name": "SUSE-SU-2013:1677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" + }, + { + "name": "HPSBUX02944", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2" + }, + { + "name": "RHSA-2013:1505", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" + }, + { + "name": "HPSBUX02943", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674031212883&w=2" + }, + { + "name": "openSUSE-SU-2013:1663", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" + }, + { + "name": "SUSE-SU-2013:1666", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" + }, + { + "name": "RHSA-2013:1793", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + }, + { + "name": "APPLE-SA-2013-10-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" + }, + { + "name": "RHSA-2013:1507", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html" + }, + { + "name": "http://support.apple.com/kb/HT5982", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5982" + }, + { + "name": "RHSA-2013:1451", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5969.json b/2013/5xxx/CVE-2013-5969.json index 83526ef9815..c14d23b3c68 100644 --- a/2013/5xxx/CVE-2013-5969.json +++ b/2013/5xxx/CVE-2013-5969.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5969", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5969", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2367.json b/2014/2xxx/CVE-2014-2367.json index c91c8d832cb..3441504979a 100644 --- a/2014/2xxx/CVE-2014-2367.json +++ b/2014/2xxx/CVE-2014-2367.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-2367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2796.json b/2014/2xxx/CVE-2014-2796.json index 75d0b898e08..6c03cdbe17d 100644 --- a/2014/2xxx/CVE-2014-2796.json +++ b/2014/2xxx/CVE-2014-2796.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, CVE-2014-4055, and CVE-2014-4067." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" - }, - { - "name" : "69101", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69101" - }, - { - "name" : "1030715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030715" - }, - { - "name" : "60670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60670" - }, - { - "name" : "ms-ie-cve20142796-code-exec(94969)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, CVE-2014-4055, and CVE-2014-4067." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030715" + }, + { + "name": "MS14-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" + }, + { + "name": "60670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60670" + }, + { + "name": "69101", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69101" + }, + { + "name": "ms-ie-cve20142796-code-exec(94969)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94969" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0470.json b/2017/0xxx/CVE-2017-0470.json index 1098e2164f9..a884c9f68b7 100644 --- a/2017/0xxx/CVE-2017-0470.json +++ b/2017/0xxx/CVE-2017-0470.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818500." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96717" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818500." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96717" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0643.json b/2017/0xxx/CVE-2017-0643.json index d49f68af4f8..b2b3d214f3d 100644 --- a/2017/0xxx/CVE-2017-0643.json +++ b/2017/0xxx/CVE-2017-0643.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-35645051." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98868" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-35645051." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98868" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0797.json b/2017/0xxx/CVE-2017-0797.json index 230ed1c7af0..6b30fee9db1 100644 --- a/2017/0xxx/CVE-2017-0797.json +++ b/2017/0xxx/CVE-2017-0797.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100652" + }, + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000382.json b/2017/1000xxx/CVE-2017-1000382.json index 7a183990d20..41907149694 100644 --- a/2017/1000xxx/CVE-2017-1000382.json +++ b/2017/1000xxx/CVE-2017-1000382.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1000382", - "REQUESTER" : "hanno@hboeck.de", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VIM", - "version" : { - "version_data" : [ - { - "version_value" : "8.0.1187" - } - ] - } - } - ] - }, - "vendor_name" : "VIM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-278" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1000382", + "REQUESTER": "hanno@hboeck.de", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20171031 Fw: Security risk of vim swap files", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/10/31/1" - }, - { - "name" : "http://security.cucumberlinux.com/security/details.php?id=120", - "refsource" : "CONFIRM", - "url" : "http://security.cucumberlinux.com/security/details.php?id=120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (\"[ORIGINAL_FILENAME].swp\") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.cucumberlinux.com/security/details.php?id=120", + "refsource": "CONFIRM", + "url": "http://security.cucumberlinux.com/security/details.php?id=120" + }, + { + "name": "[oss-security] 20171031 Fw: Security risk of vim swap files", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/10/31/1" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12259.json b/2017/12xxx/CVE-2017-12259.json index 7241dc16854..912f3d99d5f 100644 --- a/2017/12xxx/CVE-2017-12259.json +++ b/2017/12xxx/CVE-2017-12259.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Small Business SPA51x Series IP Phones", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Small Business SPA51x Series IP Phones" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA51x Series IP Phones that are running Cisco SPA51x Firmware Release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63982." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Small Business SPA51x Series IP Phones", + "version": { + "version_data": [ + { + "version_value": "Cisco Small Business SPA51x Series IP Phones" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip" - }, - { - "name" : "101488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101488" - }, - { - "name" : "1039615", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA51x Series IP Phones that are running Cisco SPA51x Firmware Release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63982." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip" + }, + { + "name": "1039615", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039615" + }, + { + "name": "101488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101488" + } + ] + } +} \ No newline at end of file diff --git a/2017/12xxx/CVE-2017-12307.json b/2017/12xxx/CVE-2017-12307.json index 4fdffbb6595..c5e64183479 100644 --- a/2017/12xxx/CVE-2017-12307.json +++ b/2017/12xxx/CVE-2017-12307.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-12307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Small Business 300 and 500 Series Managed Switches", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Small Business 300 and 500 Series Managed Switches" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting and injecting code into a user request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches, Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvg24637." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-12307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Small Business 300 and 500 Series Managed Switches", + "version": { + "version_data": [ + { + "version_value": "Cisco Small Business 300 and 500 Series Managed Switches" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb1" - }, - { - "name" : "102718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting and injecting code into a user request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches, Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvg24637." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb1" + }, + { + "name": "102718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102718" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16182.json b/2017/16xxx/CVE-2017-16182.json index 6e8c9b559b4..6461c039e0d 100644 --- a/2017/16xxx/CVE-2017-16182.json +++ b/2017/16xxx/CVE-2017-16182.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "serverxxx node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "serverxxx node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/serverxxx", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/serverxxx" - }, - { - "name" : "https://nodesecurity.io/advisories/455", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/serverxxx", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/serverxxx" + }, + { + "name": "https://nodesecurity.io/advisories/455", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/455" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16656.json b/2017/16xxx/CVE-2017-16656.json index 524d9532572..c81210e833e 100644 --- a/2017/16xxx/CVE-2017-16656.json +++ b/2017/16xxx/CVE-2017-16656.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16656", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16656", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16933.json b/2017/16xxx/CVE-2017-16933.json index e0dc35c8e60..6eaeeeb1ade 100644 --- a/2017/16xxx/CVE-2017-16933.json +++ b/2017/16xxx/CVE-2017-16933.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Icinga/icinga2/issues/5793", - "refsource" : "MISC", - "url" : "https://github.com/Icinga/icinga2/issues/5793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Icinga/icinga2/issues/5793", + "refsource": "MISC", + "url": "https://github.com/Icinga/icinga2/issues/5793" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4433.json b/2017/4xxx/CVE-2017-4433.json index 0dd9f43872f..2009012a3ab 100644 --- a/2017/4xxx/CVE-2017-4433.json +++ b/2017/4xxx/CVE-2017-4433.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4433", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4433", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4655.json b/2017/4xxx/CVE-2017-4655.json index c9e7cb6134f..818ed6917c0 100644 --- a/2017/4xxx/CVE-2017-4655.json +++ b/2017/4xxx/CVE-2017-4655.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4655", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4655", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4821.json b/2017/4xxx/CVE-2017-4821.json index 12a4f7eb739..0a8f6f478e6 100644 --- a/2017/4xxx/CVE-2017-4821.json +++ b/2017/4xxx/CVE-2017-4821.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4821", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4821", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5962.json b/2018/5xxx/CVE-2018-5962.json index 812f51f8f88..1f141e57c47 100644 --- a/2018/5xxx/CVE-2018-5962.json +++ b/2018/5xxx/CVE-2018-5962.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vulnerability-lab.com/get_content.php?id=1836", - "refsource" : "MISC", - "url" : "https://www.vulnerability-lab.com/get_content.php?id=1836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vulnerability-lab.com/get_content.php?id=1836", + "refsource": "MISC", + "url": "https://www.vulnerability-lab.com/get_content.php?id=1836" + } + ] + } +} \ No newline at end of file