From f7b9d251afc3ab16bdb575c258db35f9517ed506 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 05:41:59 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2001/0xxx/CVE-2001-0534.json | 140 +++----
2001/0xxx/CVE-2001-0899.json | 140 +++----
2001/1xxx/CVE-2001-1172.json | 150 +++----
2006/2xxx/CVE-2006-2108.json | 160 +++----
2006/2xxx/CVE-2006-2257.json | 170 ++++----
2006/2xxx/CVE-2006-2356.json | 170 ++++----
2006/2xxx/CVE-2006-2460.json | 210 +++++-----
2006/2xxx/CVE-2006-2619.json | 34 +-
2006/2xxx/CVE-2006-2825.json | 150 +++----
2006/6xxx/CVE-2006-6494.json | 190 ++++-----
2006/6xxx/CVE-2006-6501.json | 650 ++++++++++++++---------------
2006/6xxx/CVE-2006-6807.json | 150 +++----
2011/2xxx/CVE-2011-2347.json | 160 +++----
2011/2xxx/CVE-2011-2722.json | 220 +++++-----
2011/3xxx/CVE-2011-3215.json | 140 +++----
2011/3xxx/CVE-2011-3431.json | 150 +++----
2011/3xxx/CVE-2011-3776.json | 150 +++----
2011/4xxx/CVE-2011-4074.json | 200 ++++-----
2011/4xxx/CVE-2011-4177.json | 34 +-
2011/4xxx/CVE-2011-4394.json | 34 +-
2011/4xxx/CVE-2011-4712.json | 140 +++----
2011/4xxx/CVE-2011-4861.json | 120 +++---
2013/0xxx/CVE-2013-0762.json | 240 +++++------
2013/0xxx/CVE-2013-0894.json | 170 ++++----
2013/0xxx/CVE-2013-0899.json | 190 ++++-----
2013/1xxx/CVE-2013-1283.json | 140 +++----
2013/1xxx/CVE-2013-1616.json | 150 +++----
2013/1xxx/CVE-2013-1983.json | 170 ++++----
2013/5xxx/CVE-2013-5268.json | 34 +-
2013/5xxx/CVE-2013-5464.json | 140 +++----
2013/5xxx/CVE-2013-5712.json | 34 +-
2014/2xxx/CVE-2014-2009.json | 170 ++++----
2014/2xxx/CVE-2014-2358.json | 120 +++---
2014/2xxx/CVE-2014-2400.json | 160 +++----
2014/2xxx/CVE-2014-2488.json | 150 +++----
2014/2xxx/CVE-2014-2747.json | 34 +-
2014/2xxx/CVE-2014-2777.json | 150 +++----
2017/0xxx/CVE-2017-0167.json | 150 +++----
2017/0xxx/CVE-2017-0247.json | 140 +++----
2017/0xxx/CVE-2017-0575.json | 146 +++----
2017/1000xxx/CVE-2017-1000064.json | 124 +++---
2017/1000xxx/CVE-2017-1000094.json | 124 +++---
2017/16xxx/CVE-2017-16104.json | 132 +++---
2017/16xxx/CVE-2017-16623.json | 34 +-
2017/16xxx/CVE-2017-16756.json | 140 +++----
2017/16xxx/CVE-2017-16797.json | 120 +++---
2017/1xxx/CVE-2017-1555.json | 220 +++++-----
2017/4xxx/CVE-2017-4772.json | 34 +-
2017/4xxx/CVE-2017-4874.json | 34 +-
2017/4xxx/CVE-2017-4995.json | 130 +++---
2018/5xxx/CVE-2018-5294.json | 130 +++---
2018/5xxx/CVE-2018-5480.json | 34 +-
2018/5xxx/CVE-2018-5795.json | 120 +++---
53 files changed, 3763 insertions(+), 3763 deletions(-)
diff --git a/2001/0xxx/CVE-2001-0534.json b/2001/0xxx/CVE-2001-0534.json
index 103a8c6ca1b..eb73d072db2 100644
--- a/2001/0xxx/CVE-2001-0534.json
+++ b/2001/0xxx/CVE-2001-0534.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010705 Remote Buffer Overflow in Multiple RADIUS Implementations", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/alerts/alerts.php" - }, - { - "name" : "VU#898931", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/898931" - }, - { - "name" : "2989", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2989", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2989" + }, + { + "name": "VU#898931", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/898931" + }, + { + "name": "20010705 Remote Buffer Overflow in Multiple RADIUS Implementations", + "refsource": "ISS", + "url": "http://xforce.iss.net/alerts/alerts.php" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0899.json b/2001/0xxx/CVE-2001-0899.json index 7be3a4e1505..94a93f74608 100644 --- a/2001/0xxx/CVE-2001-0899.json +++ b/2001/0xxx/CVE-2001-0899.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011116 Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=100593523104176&w=2" - }, - { - "name" : "http://phpnukerz.org/modules.php?name=Downloads&d_op=viewsdownload&sid=32", - "refsource" : "CONFIRM", - "url" : "http://phpnukerz.org/modules.php?name=Downloads&d_op=viewsdownload&sid=32" - }, - { - "name" : "phpnuke-nettools-command-execution(7578)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Network Tools 0.2 for PHP-Nuke allows remote attackers to execute 
commands on the server via shell metacharacters in the $hostinput variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://phpnukerz.org/modules.php?name=Downloads&d_op=viewsdownload&sid=32", + "refsource": "CONFIRM", + "url": "http://phpnukerz.org/modules.php?name=Downloads&d_op=viewsdownload&sid=32" + }, + { + "name": "phpnuke-nettools-command-execution(7578)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7578" + }, + { + "name": "20011116 Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=100593523104176&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1172.json b/2001/1xxx/CVE-2001-1172.json index 12747b9de5e..9afe08d0cfa 100644 --- a/2001/1xxx/CVE-2001-1172.json +++ b/2001/1xxx/CVE-2001-1172.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010719 [SNS Advisory No.37] HTTProtect allows attackers to change the protected file using a symlink", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-07/0357.html" - }, - { - "name" : "http://www.omnisecure.com/security-alert.html", - "refsource" : "CONFIRM", - "url" : "http://www.omnisecure.com/security-alert.html" - }, - { - "name" : "httprotect-protected-file-symlink(6880)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6880" - }, - { - "name" : "5452", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010719 [SNS Advisory No.37] HTTProtect allows attackers to change the protected file using a symlink", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0357.html" + }, + { + "name": "http://www.omnisecure.com/security-alert.html", + "refsource": "CONFIRM", + "url": "http://www.omnisecure.com/security-alert.html" + }, + { + "name": "5452", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5452" + }, + { + "name": "httprotect-protected-file-symlink(6880)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6880" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2108.json b/2006/2xxx/CVE-2006-2108.json index 34cbc9b75b1..da1b6e82fdb 100644 --- a/2006/2xxx/CVE-2006-2108.json +++ b/2006/2xxx/CVE-2006-2108.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "parser.exe in Océ (OCE) 3121/3122 Printer allows remote attackers to cause a denial of service (crash or reboot) via a long request, possibly triggering a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1718", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1718" - }, - { - "name" : "17715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17715" - }, - { - "name" : "25000", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25000" - }, - { - "name" : "19847", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19847" - }, - { - "name" : "oce-printer-url-dos(26123)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "parser.exe in Oc\u00e9 (OCE) 3121/3122 Printer 
allows remote attackers to cause a denial of service (crash or reboot) via a long request, possibly triggering a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25000", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25000" + }, + { + "name": "1718", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1718" + }, + { + "name": "17715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17715" + }, + { + "name": "19847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19847" + }, + { + "name": "oce-printer-url-dos(26123)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26123" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2257.json b/2006/2xxx/CVE-2006-2257.json index 87b2065b38b..304e0d77ce7 100644 --- a/2006/2xxx/CVE-2006-2257.json +++ b/2006/2xxx/CVE-2006-2257.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curr_year parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17891", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17891" - }, - { - "name" : "ADV-2006-1695", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1695" - }, - { - "name" : "25341", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25341" - }, - { - "name" : "1016105", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016105" - }, - { - "name" : "20038", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20038" - }, - { - "name" : "easyevent-index-xss(26332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curr_year parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "easyevent-index-xss(26332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26332" + }, + { + "name": "20038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20038" + }, + { + "name": "17891", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17891" + }, + { + "name": "1016105", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016105" + }, + { + "name": "ADV-2006-1695", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1695" + }, + { + "name": "25341", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25341" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2356.json b/2006/2xxx/CVE-2006-2356.json index 36032808063..1f79fd47655 100644 --- a/2006/2xxx/CVE-2006-2356.json +++ b/2006/2xxx/CVE-2006-2356.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060511 Ipswitch WhatsUp Professional multiple flaws", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433808" - }, - { - "name" : "ADV-2006-1787", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1787" - }, - { - "name" : "25475", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25475" - }, - { - "name" : "20075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20075" - }, - { - "name" : "897", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/897" - }, - { - "name" : "whatsup-rendermap-information-disclosure(26505)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/26505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060511 Ipswitch WhatsUp Professional multiple flaws", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433808" + }, + { + "name": "20075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20075" + }, + { + "name": "whatsup-rendermap-information-disclosure(26505)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26505" + }, + { + "name": "ADV-2006-1787", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1787" + }, + { + "name": "25475", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25475" + }, + { + "name": "897", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/897" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2460.json b/2006/2xxx/CVE-2006-2460.json index 2c000375c74..de0c51826e3 100644 --- a/2006/2xxx/CVE-2006-2460.json +++ b/2006/2xxx/CVE-2006-2460.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060515 Sugar Suite Open Source <= 4.2 \"OptimisticLock!\" arbitrary remote inclusion exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434009/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/sugar_suite_42_incl_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/sugar_suite_42_incl_xpl.html" - }, - { - "name" : "1785", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1785" - }, - { - "name" : "17987", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/17987" - }, - { - "name" : "ADV-2006-1791", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1791" - }, - { - "name" : "25532", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25532" - }, - { - "name" : "1016087", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016087" - }, - { - "name" : "20072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20072" - }, - { - "name" : "921", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/921" - }, - { - "name" : "sugarsuite-modules-file-include(26451)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://retrogod.altervista.org/sugar_suite_42_incl_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/sugar_suite_42_incl_xpl.html" + }, + { + "name": "ADV-2006-1791", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1791" + }, + { + "name": "20072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20072" + }, + { + "name": "20060515 Sugar Suite Open Source <= 4.2 \"OptimisticLock!\" arbitrary remote inclusion exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434009/100/0/threaded" + }, + { + "name": "sugarsuite-modules-file-include(26451)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26451" + }, + { + "name": "17987", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17987" + }, + { + "name": "1016087", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016087" + }, + { + "name": "25532", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25532" + }, + { + "name": "1785", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1785" + }, + { + "name": "921", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/921" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2619.json b/2006/2xxx/CVE-2006-2619.json index 6e690e0721f..ff86e0e4eac 100644 --- a/2006/2xxx/CVE-2006-2619.json +++ b/2006/2xxx/CVE-2006-2619.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2619", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2619", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2825.json b/2006/2xxx/CVE-2006-2825.json index 91596b41494..c68704e724d 100644 --- a/2006/2xxx/CVE-2006-2825.json +++ b/2006/2xxx/CVE-2006-2825.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060520 cPanel OpenBaseDir Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0402.html" - }, - { - "name" : "31835", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31835" - }, - { - "name" : "1039", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1039" - }, - { - "name" : "cpanel-openbasedir-security-bypass(26613)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/26613" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cpanel-openbasedir-security-bypass(26613)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26613" + }, + { + "name": "20060520 cPanel OpenBaseDir Bypass", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0402.html" + }, + { + "name": "31835", + "refsource": "OSVDB", + "url": "http://osvdb.org/31835" + }, + { + "name": "1039", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1039" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6494.json b/2006/6xxx/CVE-2006-6494.json index 764115852f1..dcaeb4867e5 100644 --- a/2006/6xxx/CVE-2006-6494.json +++ b/2006/6xxx/CVE-2006-6494.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061212 Sun Microsystems Solaris ld.so Directory Traversal Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=449" - }, - { - "name" : "102724", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1" - }, - { - "name" : "21564", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21564" - }, - { - "name" : "ADV-2006-4979", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4979" - }, - { - "name" : "oval:org.mitre.oval:def:2121", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2121" - }, - { - "name" : "1017376", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017376" - }, - { - "name" : "23317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23317" - }, - { - "name" : "solaris-ld-lang-directory-traversal(30849)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:2121", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2121" + }, + { + "name": "23317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23317" + }, + { + "name": "solaris-ld-lang-directory-traversal(30849)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30849" + }, + { + "name": "20061212 Sun Microsystems Solaris ld.so Directory Traversal Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=449" + }, + { + "name": "102724", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1" + }, + { + "name": "21564", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21564" + }, + { + "name": "1017376", + "refsource": 
"SECTRACK", + "url": "http://securitytracker.com/id?1017376" + }, + { + "name": "ADV-2006-4979", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4979" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6501.json b/2006/6xxx/CVE-2006-6501.json index 3722df705b5..24851e1021f 100644 --- a/2006/6xxx/CVE-2006-6501.json +++ b/2006/6xxx/CVE-2006-6501.json 
@@ -1,327 +1,327 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-6501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070102 rPSA-2006-0234-2 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455728/100/200/threaded" - }, - { - "name" : "20061222 rPSA-2006-0234-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455145/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-70.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-70.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-883", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-883" - }, - { - "name" : "DSA-1253", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1253" - }, - { - "name" : "DSA-1258", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1258" - }, - { - "name" : "DSA-1265", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1265" - }, - { - "name" : "FEDORA-2006-1491", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2297" - }, - { - "name" : "FEDORA-2007-004", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2338" - }, - { - "name" : "GLSA-200701-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200701-02.xml" - }, - { - "name" : "GLSA-200701-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml" - }, - { - "name" : "GLSA-200701-04", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "MDKSA-2007:010", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:010" - }, - { - "name" : "MDKSA-2007:011", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:011" - }, - { - "name" : "RHSA-2006:0758", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0758.html" - }, - { - "name" : "RHSA-2006:0759", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0759.html" - }, - { - "name" : "RHSA-2006:0760", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0760.html" - }, - { - "name" : "20061202-01-P", - "refsource" : "SGI", - "url" : 
"ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc" - }, - { - "name" : "SUSE-SA:2006:080", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html" - }, - { - "name" : "SUSE-SA:2007:006", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html" - }, - { - "name" : "USN-398-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-398-1" - }, - { - "name" : "USN-398-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-398-2" - }, - { - "name" : "USN-400-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-400-1" - }, - { - "name" : "TA06-354A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-354A.html" - }, - { - "name" : "VU#263412", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/263412" - }, - { - "name" : "21668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21668" - }, - { - "name" : "oval:org.mitre.oval:def:9746", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9746" - }, - { - "name" : "ADV-2006-5068", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5068" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1017403", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017403" - }, - { - "name" : "1017404", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017404" - }, - { - "name" : "1017407", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017407" - }, - { - "name" : "23433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23433" - }, - { - "name" : "23439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23439" - }, - { - 
"name" : "23440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23440" - }, - { - "name" : "23282", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23282" - }, - { - "name" : "23420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23420" - }, - { - "name" : "23422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23422" - }, - { - "name" : "23468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23468" - }, - { - "name" : "23514", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23514" - }, - { - "name" : "23589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23589" - }, - { - "name" : "23601", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23601" - }, - { - "name" : "23545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23545" - }, - { - "name" : "23591", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23591" - }, - { - "name" : "23598", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23598" - }, - { - "name" : "23614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23614" - }, - { - "name" : "23618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23618" - }, - { - "name" : "23692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23692" - }, - { - "name" : "23672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23672" - }, - { - "name" : "23988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23988" - }, - { - "name" : "24078", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24078" - }, - { - "name" : "24390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21668" + }, + { + "name": "23433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23433" + }, + { + "name": "MDKSA-2007:010", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:010" + }, + { + "name": "23439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23439" + }, + { + "name": "23672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23672" + }, + { + "name": "ADV-2006-5068", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5068" + }, + { + "name": "23468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23468" + }, + { + "name": "23598", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23598" + }, + { + "name": "RHSA-2006:0758", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html" + }, + { + "name": "DSA-1265", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1265" + }, + { + "name": "24078", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24078" + }, + { + "name": "23692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23692" + }, + { + "name": "USN-398-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-398-2" + }, + { + "name": "GLSA-200701-04", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml" + }, + 
{ + "name": "23282", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23282" + }, + { + "name": "24390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24390" + }, + { + "name": "VU#263412", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/263412" + }, + { + "name": "FEDORA-2006-1491", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2297" + }, + { + "name": "23422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23422" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "23591", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23591" + }, + { + "name": "23614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23614" + }, + { + "name": "RHSA-2006:0759", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html" + }, + { + "name": "USN-398-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-398-1" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "1017404", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017404" + }, + { + "name": "FEDORA-2007-004", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2338" + }, + { + "name": "23420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23420" + }, + { + "name": "20061202-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc" + }, + { + "name": "23440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23440" + }, + { + "name": "1017403", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017403" + }, + { + "name": "SUSE-SA:2006:080", + "refsource": "SUSE", + "url": 
"http://www.novell.com/linux/security/advisories/2006_80_mozilla.html" + }, + { + "name": "oval:org.mitre.oval:def:9746", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9746" + }, + { + "name": "20061222 rPSA-2006-0234-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded" + }, + { + "name": "23545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23545" + }, + { + "name": "23618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23618" + }, + { + "name": "GLSA-200701-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml" + }, + { + "name": "1017407", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017407" + }, + { + "name": "TA06-354A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-70.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-70.html" + }, + { + "name": "23589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23589" + }, + { + "name": "DSA-1253", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1253" + }, + { + "name": "DSA-1258", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1258" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "https://issues.rpath.com/browse/RPL-883", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-883" + }, + { + "name": "20070102 rPSA-2006-0234-2 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded" + }, + { + "name": "SUSE-SA:2007:006", + "refsource": "SUSE", + "url": 
"http://www.novell.com/linux/security/advisories/2007_06_mozilla.html" + }, + { + "name": "23601", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23601" + }, + { + "name": "23988", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23988" + }, + { + "name": "MDKSA-2007:011", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:011" + }, + { + "name": "23514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23514" + }, + { + "name": "GLSA-200701-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml" + }, + { + "name": "RHSA-2006:0760", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html" + }, + { + "name": "USN-400-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-400-1" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6807.json b/2006/6xxx/CVE-2006-6807.json index fae63d46470..26806500116 100644 --- a/2006/6xxx/CVE-2006-6807.json +++ b/2006/6xxx/CVE-2006-6807.json 
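Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2006-6501 changes from `cve@mitre.org` to `secalert@redhat.com`, a change of record attribution that the commit subject does not mention and that sits among lines differing only in colon spacing, indentation and `reference_data` order. The same kind of change appears in the hunks for CVE-2011-2347 (`security@google.com`), CVE-2011-2722 (`secalert@redhat.com`) and CVE-2011-3215 (`product-security@apple.com`). Splitting the formatting normalisation from the attribution change, or listing the re-assigned IDs in the commit message, would let consumers that filter or trust records by assigner audit it. The new side of each file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing in the generator.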
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3001", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3001" - }, - { - "name" : "21771", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21771" - }, - { - "name" : "ADV-2006-5179", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5179" - }, - { - "name" : "23506", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote 
attackers to execute arbitrary SQL commands via the agent parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5179", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5179" + }, + { + "name": "23506", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23506" + }, + { + "name": "3001", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3001" + }, + { + "name": "21771", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21771" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2347.json b/2011/2xxx/CVE-2011-2347.json index addc77a62ac..f2ced3094d6 100644 --- a/2011/2xxx/CVE-2011-2347.json +++ b/2011/2xxx/CVE-2011-2347.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=85003", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=85003" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html" - }, - { - "name" : "oval:org.mitre.oval:def:14649", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14649" - }, - { - "name" : "1025730", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025730" - }, 
- { - "name" : "45097", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=85003", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=85003" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html" + }, + { + "name": "45097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45097" + }, + { + "name": "1025730", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025730" + }, + { + "name": "oval:org.mitre.oval:def:14649", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14649" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2722.json b/2011/2xxx/CVE-2011-2722.json index d2f510f0698..951a7946c89 100644 --- a/2011/2xxx/CVE-2011-2722.json +++ b/2011/2xxx/CVE-2011-2722.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110726 Re: CVE request: hplip: insecure tmp file handling", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/26/14" - }, - { - "name" : "http://hplipopensource.com/hplip-web/release_notes.html", - "refsource" : "CONFIRM", - "url" : "http://hplipopensource.com/hplip-web/release_notes.html" - }, - { - "name" : "https://bugs.launchpad.net/hplip/+bug/809904", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/hplip/+bug/809904" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=704608", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=704608" - }, - { - "name" : 
"https://bugzilla.redhat.com/attachment.cgi?id=515866&action=diff", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/attachment.cgi?id=515866&action=diff" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=725830", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=725830" - }, - { - "name" : "GLSA-201203-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201203-17.xml" - }, - { - "name" : "RHSA-2013:0133", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0133.html" - }, - { - "name" : "USN-1981-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1981-1" - }, - { - "name" : "48441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48441" - }, - { - "name" : "55083", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55083" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=704608", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=704608" + }, + { + "name": "55083", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55083" + }, + { + "name": "USN-1981-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1981-1" + }, + { + "name": "RHSA-2013:0133", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0133.html" + }, + { + "name": "https://bugs.launchpad.net/hplip/+bug/809904", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/hplip/+bug/809904" + }, + { + "name": "https://bugzilla.redhat.com/attachment.cgi?id=515866&action=diff", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/attachment.cgi?id=515866&action=diff" + }, + { + "name": "http://hplipopensource.com/hplip-web/release_notes.html", + "refsource": "CONFIRM", + "url": "http://hplipopensource.com/hplip-web/release_notes.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=725830", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725830" + }, + { + "name": "GLSA-201203-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201203-17.xml" + }, + { + "name": "[oss-security] 20110726 Re: CVE request: hplip: insecure tmp file handling", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/26/14" + }, + { + "name": "48441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48441" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3215.json b/2011/3xxx/CVE-2011-3215.json index acfb5d0f9ea..9259fec5c72 100644 --- a/2011/3xxx/CVE-2011-3215.json +++ b/2011/3xxx/CVE-2011-3215.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "50085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Apple Mac OS X before 10.7.2 does not properly prevent 
FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "50085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50085" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3431.json b/2011/3xxx/CVE-2011-3431.json index 9bbcbfcd6ea..8d99d52c7d8 100644 --- a/2011/3xxx/CVE-2011-3431.json +++ b/2011/3xxx/CVE-2011-3431.json 
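Review bot: The new side of this hunk ends with `+}` followed by `\ No newline at end of file`, while the removed `-}` carries no such marker, so the rewrite appears to drop the file's final newline. The last line should stay `}` terminated by a line feed. The same marker closes the other complete file hunks visible here (CVE-2011-3431, CVE-2011-3776, CVE-2011-4074, CVE-2011-4177, CVE-2011-4394, CVE-2011-4712, CVE-2011-4861, CVE-2013-0762, CVE-2013-0894), which suggests a serializer setting rather than a per-record slip. Without the final newline, any later append shows up as a change to the closing line, and tools that concatenate or line-count these records can misbehave.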
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "76327", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76327" - }, - { - "name" : "appleios-switching-info-disc(70554)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70554" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "76327", + "refsource": "OSVDB", + "url": "http://osvdb.org/76327" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "appleios-switching-info-disc(70554)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70554" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3776.json b/2011/3xxx/CVE-2011-3776.json index 49d8de54f79..8b07c90b427 100644 --- a/2011/3xxx/CVE-2011-3776.json +++ b/2011/3xxx/CVE-2011-3776.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpFormGenerator 2.09 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by forms/process.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpFormGen-2.09", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpFormGen-2.09" - }, - { - "name" : "phpformgenerator-process-path-disclosure(70544)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpFormGenerator 2.09 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by forms/process.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpFormGen-2.09", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpFormGen-2.09" + }, + { + "name": "phpformgenerator-process-path-disclosure(70544)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70544" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4074.json b/2011/4xxx/CVE-2011-4074.json index bfe2e21a811..d7fba27aa0d 100644 --- a/2011/4xxx/CVE-2011-4074.json +++ b/2011/4xxx/CVE-2011-4074.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111024 CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/10/24/9" - }, - { - "name" : "[oss-security] 20111025 Re: CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/10/25/2" - }, - { - "name" : "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=blobdiff;f=htdocs/cmd.php;h=0ddf0044355abc94160be73122eb34f3e48ab2d9;hp=34f3848fe4a6d4c00c7c568afa81f59579f5d724;hb=64668e882b8866fae0fa1b25375d1a2f3b4672e2;hpb=caeba72171ade4f588fef1818aa4f6243a68b85e", - "refsource" : "CONFIRM", - "url" : 
"http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=blobdiff;f=htdocs/cmd.php;h=0ddf0044355abc94160be73122eb34f3e48ab2d9;hp=34f3848fe4a6d4c00c7c568afa81f59579f5d724;hb=64668e882b8866fae0fa1b25375d1a2f3b4672e2;hpb=caeba72171ade4f588fef1818aa4f6243a68b85e" - }, - { - "name" : "http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page", - "refsource" : "CONFIRM", - "url" : "http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page" - }, - { - "name" : "DSA-2333", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2333" - }, - { - "name" : "50331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50331" - }, - { - "name" : "76593", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76593" - }, - { - "name" : "46551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46551" - }, - { - "name" : "46672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50331" + }, + { + "name": "[oss-security] 20111025 Re: CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/10/25/2" + }, + { + "name": "46672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46672" + }, + { + "name": "46551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46551" + }, + { + "name": "[oss-security] 20111024 CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/10/24/9" + }, + { + "name": "76593", + "refsource": "OSVDB", + "url": "http://osvdb.org/76593" + }, + { + "name": "http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page", + "refsource": "CONFIRM", + "url": "http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page" + }, + { + "name": "DSA-2333", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2333" + }, + { + "name": "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=blobdiff;f=htdocs/cmd.php;h=0ddf0044355abc94160be73122eb34f3e48ab2d9;hp=34f3848fe4a6d4c00c7c568afa81f59579f5d724;hb=64668e882b8866fae0fa1b25375d1a2f3b4672e2;hpb=caeba72171ade4f588fef1818aa4f6243a68b85e", + "refsource": "CONFIRM", + "url": "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=blobdiff;f=htdocs/cmd.php;h=0ddf0044355abc94160be73122eb34f3e48ab2d9;hp=34f3848fe4a6d4c00c7c568afa81f59579f5d724;hb=64668e882b8866fae0fa1b25375d1a2f3b4672e2;hpb=caeba72171ade4f588fef1818aa4f6243a68b85e" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/4xxx/CVE-2011-4177.json b/2011/4xxx/CVE-2011-4177.json index 6cf62f59c06..48c2dab0c83 100644 --- a/2011/4xxx/CVE-2011-4177.json +++ b/2011/4xxx/CVE-2011-4177.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4177", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4177", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4394.json b/2011/4xxx/CVE-2011-4394.json index 9d0e0556f0c..75970b61015 100644 --- a/2011/4xxx/CVE-2011-4394.json +++ b/2011/4xxx/CVE-2011-4394.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4394", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4394", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4712.json b/2011/4xxx/CVE-2011-4712.json index 45e56351b16..8e7befc5a68 100644 --- a/2011/4xxx/CVE-2011-4712.json +++ b/2011/4xxx/CVE-2011-4712.json 
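Review bot: The rewritten record in this hunk uses a different key order from its neighbours: it puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and lists `ID` before `ASSIGNER`. The other rewritten records on this page, such as CVE-2011-4177 just above, keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`, and put `data_format` before `data_type`. Key order carries no meaning in JSON, but a single stable order keeps later synchronisation diffs limited to real content changes and avoids false mismatches for anyone who hashes or byte-compares records. Presumably this file went through a different serialisation path; emit it in the same order as the others, starting with `"CVE_data_meta": {` and then `"ASSIGNER": "cve@mitre.org",`.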
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111129 Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520679/100/0/threaded" - }, - { - "name" : "50845", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50845" - }, - { - "name" : "oxidemonox1d3-filenames-dir-traversal(71512)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in an HTTP request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50845", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50845" + }, + { + "name": "20111129 Oxide M0N0X1D3 HTTP Server Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520679/100/0/threaded" + }, + { + "name": "oxidemonox1d3-filenames-dir-traversal(71512)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71512" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4861.json b/2011/4xxx/CVE-2011-4861.json index c098c41832a..27e5bf248b4 100644 --- a/2011/4xxx/CVE-2011-4861.json +++ b/2011/4xxx/CVE-2011-4861.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1", - "refsource" : "MISC", - "url" : "http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1", + "refsource": "MISC", + "url": "http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0762.json b/2013/0xxx/CVE-2013-0762.json index 0939909c2ea..24d6dda8b08 100644 --- a/2013/0xxx/CVE-2013-0762.json +++ b/2013/0xxx/CVE-2013-0762.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-0762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=788959", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=788959" - }, - { - "name" : "RHSA-2013:0144", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0144.html" - }, - { - "name" : "RHSA-2013:0145", - "refsource" : 
"REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0145.html" - }, - { - "name" : "SUSE-SU-2013:0048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" - }, - { - "name" : "SUSE-SU-2013:0049", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" - }, - { - "name" : "openSUSE-SU-2013:0131", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" - }, - { - "name" : "openSUSE-SU-2013:0149", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" - }, - { - "name" : "USN-1681-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-1" - }, - { - "name" : "USN-1681-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-2" - }, - { - "name" : "USN-1681-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1681-4" - }, - { - "name" : "57193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57193" - }, - { - "name" : "oval:org.mitre.oval:def:16288", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html" + }, + { + "name": "oval:org.mitre.oval:def:16288", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16288" + }, + { + "name": "57193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57193" + }, + { + "name": "openSUSE-SU-2013:0131", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html" + }, + { + "name": "RHSA-2013:0145", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0145.html" + }, + { + "name": "USN-1681-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-4" + }, + { + "name": "RHSA-2013:0144", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0144.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=788959", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=788959" + }, + { + "name": "SUSE-SU-2013:0049", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html" + }, + { + "name": "USN-1681-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-1" + }, + { + "name": "openSUSE-SU-2013:0149", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html" + }, + { + "name": "USN-1681-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1681-2" + } + ] + } +} \ No newline at 
end of file diff --git a/2013/0xxx/CVE-2013-0894.json b/2013/0xxx/CVE-2013-0894.json index 9daeea312eb..a18be9e8ee0 100644 --- a/2013/0xxx/CVE-2013-0894.json +++ b/2013/0xxx/CVE-2013-0894.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.chromium.org/gitweb/?p=chromium/deps/ffmpeg.git;a=commit;h=e1e70d9bb9852b7d099379afc95531a632a20ba5", - "refsource" : "CONFIRM", - "url" : "http://git.chromium.org/gitweb/?p=chromium/deps/ffmpeg.git;a=commit;h=e1e70d9bb9852b7d099379afc95531a632a20ba5" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=2c16bf2de07c68513072bf3cc96401d2c6291a3e", - "refsource" : "CONFIRM", - "url" : 
"http://git.videolan.org/?p=ffmpeg.git;a=commit;h=2c16bf2de07c68513072bf3cc96401d2c6291a3e" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=168473", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=168473" - }, - { - "name" : "openSUSE-SU-2013:0454", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html" - }, - { - "name" : "USN-1790-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1790-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=168473", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=168473" + }, + { + "name": "USN-1790-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1790-1" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=2c16bf2de07c68513072bf3cc96401d2c6291a3e", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=2c16bf2de07c68513072bf3cc96401d2c6291a3e" + }, + { + "name": "openSUSE-SU-2013:0454", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html" + }, + { + "name": "http://git.chromium.org/gitweb/?p=chromium/deps/ffmpeg.git;a=commit;h=e1e70d9bb9852b7d099379afc95531a632a20ba5", + "refsource": "CONFIRM", + "url": "http://git.chromium.org/gitweb/?p=chromium/deps/ffmpeg.git;a=commit;h=e1e70d9bb9852b7d099379afc95531a632a20ba5" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0899.json b/2013/0xxx/CVE-2013-0899.json index 8df8b6bba3d..4ee8afa1ce2 100644 --- a/2013/0xxx/CVE-2013-0899.json +++ b/2013/0xxx/CVE-2013-0899.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-0899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html" - }, - { - "name" : "http://opus-codec.org/downloads/", - "refsource" : "CONFIRM", - "url" : "http://opus-codec.org/downloads/" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=160480", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=160480" - }, - { - "name" : "https://codereview.chromium.org/11575026", - 
"refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/11575026" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome/trunk/deps/third_party/opus/src/opus_decoder.c?r1=173498&r2=173497&pathrev=173498", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome/trunk/deps/third_party/opus/src/opus_decoder.c?r1=173498&r2=173497&pathrev=173498" - }, - { - "name" : "https://src.chromium.org/viewvc/chrome?view=rev&revision=173498", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/chrome?view=rev&revision=173498" - }, - { - "name" : "openSUSE-SU-2013:0454", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html" - }, - { - "name" : "oval:org.mitre.oval:def:16027", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=160480", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=160480" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html" + }, + { + "name": "https://src.chromium.org/viewvc/chrome/trunk/deps/third_party/opus/src/opus_decoder.c?r1=173498&r2=173497&pathrev=173498", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome/trunk/deps/third_party/opus/src/opus_decoder.c?r1=173498&r2=173497&pathrev=173498" + }, + { + "name": "https://src.chromium.org/viewvc/chrome?view=rev&revision=173498", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/chrome?view=rev&revision=173498" + }, + { + "name": "https://codereview.chromium.org/11575026", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/11575026" + }, + { + "name": "oval:org.mitre.oval:def:16027", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16027" + }, + { + "name": "openSUSE-SU-2013:0454", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html" + }, + { + "name": "http://opus-codec.org/downloads/", + "refsource": "CONFIRM", + "url": "http://opus-codec.org/downloads/" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1283.json b/2013/1xxx/CVE-2013-1283.json index 82247420fdc..ab587e56c12 100644 --- a/2013/1xxx/CVE-2013-1283.json +++ b/2013/1xxx/CVE-2013-1283.json 
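Review bot: The one field-level change in the CVE-2013-0899.json hunk, `"ASSIGNER": "cve@mitre.org"` becoming `"ASSIGNER": "security@google.com"`, is buried in a full-file rewrite that also respaces every key (`"ID" : ` to `"ID": `), reorders the `reference_data` array and drops the final newline. Any consumer that attributes or filters records by ASSIGNER will see a provenance change that the subject line `"-Synchronized-Data."` does not mention. The commit message should state it, for example `Re-attribute ASSIGNER to the issuing CNA address; normalize JSON formatting`, if that is indeed the intent. The same ASSIGNER change appears in the later hunks for CVE-2013-1283, CVE-2013-1616, CVE-2013-1983, CVE-2013-5464, CVE-2014-2358, CVE-2014-2400 and CVE-2014-2488, while CVE-2013-5268, CVE-2013-5712 and CVE-2014-2009 change formatting only. Landing the formatter change in a commit of its own would keep such field edits visible in review.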
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka \"Win32k Race Condition Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-036", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-036" - }, - { - "name" : "TA13-100A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-100A" - }, - { - "name" : "oval:org.mitre.oval:def:16563", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka \"Win32k Race Condition Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16563", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16563" + }, + { + "name": "MS13-036", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-036" + }, + { + "name": "TA13-100A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-100A" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1616.json b/2013/1xxx/CVE-2013-1616.json index b9c6f0aebd8..194ca372e7c 100644 --- a/2013/1xxx/CVE-2013-1616.json +++ b/2013/1xxx/CVE-2013-1616.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2013-1616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html" - }, - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt" - }, - { - "name" : 
"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00" - }, - { - "name" : "61106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61106" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00" + }, + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt" + }, + { + "name": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html" + } + ] + 
} +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1983.json b/2013/1xxx/CVE-2013-1983.json index 0bff478b83e..ad6d7444abb 100644 --- a/2013/1xxx/CVE-2013-1983.json +++ b/2013/1xxx/CVE-2013-1983.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/05/23/3" - }, - { - "name" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", - "refsource" : "CONFIRM", - "url" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23" - }, - { - "name" : "DSA-2676", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2676" - }, - { - "name" : "FEDORA-2013-9088", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106794.html" - }, - { - "name" : "openSUSE-SU-2013:1014", - 
"refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00144.html" - }, - { - "name" : "USN-1858-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1858-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2676", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2676" + }, + { + "name": "FEDORA-2013-9088", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106794.html" + }, + { + "name": "USN-1858-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1858-1" + }, + { + "name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3" + }, + { + "name": "openSUSE-SU-2013:1014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00144.html" + }, + { + "name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", + "refsource": "CONFIRM", + "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5268.json b/2013/5xxx/CVE-2013-5268.json index 089c7a5e021..dfa7d1fcc97 100644 --- a/2013/5xxx/CVE-2013-5268.json +++ b/2013/5xxx/CVE-2013-5268.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5268", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5268", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5464.json b/2013/5xxx/CVE-2013-5464.json index b8997494f5f..cccb2a0d916 100644 --- a/2013/5xxx/CVE-2013-5464.json +++ b/2013/5xxx/CVE-2013-5464.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" - }, - { - "name" : "IV46277", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46277" - }, - { - "name" : "ibm-maximo-cve20135464-storerooms(88362)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV46277", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46277" + }, + { + "name": "ibm-maximo-cve20135464-storerooms(88362)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88362" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5712.json b/2013/5xxx/CVE-2013-5712.json index 547fa361ba2..83e8d29c129 100644 --- a/2013/5xxx/CVE-2013-5712.json +++ b/2013/5xxx/CVE-2013-5712.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5712", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5712", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2009.json b/2014/2xxx/CVE-2014-2009.json index 8af7c90ca73..063272565f8 100644 --- a/2014/2xxx/CVE-2014-2009.json +++ b/2014/2xxx/CVE-2014-2009.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34586", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34586" - }, - { - "name" : "20140903 Mpay24 prestashop payment module multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Sep/23" - }, - { - "name" : "http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html" - }, - { - "name" : "69560", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69560" - }, - { - "name" : "110738", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/show/osvdb/110738" - }, - { - "name" : "mpay24-cve20142009-info-disc(95721)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mpay24-cve20142009-info-disc(95721)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95721" + }, + { + "name": "http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html" + }, + { + "name": "110738", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/110738" + }, + { + "name": "34586", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34586" + }, + { + "name": "20140903 Mpay24 prestashop payment module multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Sep/23" + }, + { + "name": "69560", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69560" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2358.json b/2014/2xxx/CVE-2014-2358.json index 580dee18c9d..2fbe07e8b86 100644 --- a/2014/2xxx/CVE-2014-2358.json +++ b/2014/2xxx/CVE-2014-2358.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-2358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-269-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-269-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) 
create administrative users, (2) remove administrative users, or (3) change permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-269-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-269-02" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2400.json b/2014/2xxx/CVE-2014-2400.json index 5a81e198c81..e137934dc74 100644 --- a/2014/2xxx/CVE-2014-2400.json +++ b/2014/2xxx/CVE-2014-2400.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2399." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140625 [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532557/100/0/threaded" - }, - { - "name" : "20140625 [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/124" - }, - { - "name" : "http://packetstormsecurity.com/files/127223/Endeca-Latitude-2.2.2-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127223/Endeca-Latitude-2.2.2-Cross-Site-Scripting.html" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "66857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2399." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140625 [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532557/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/127223/Endeca-Latitude-2.2.2-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127223/Endeca-Latitude-2.2.2-Cross-Site-Scripting.html" + }, + { + "name": "66857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66857" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "20140625 [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/124" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2488.json b/2014/2xxx/CVE-2014-2488.json index 0b8d42b4174..eaa4af58077 100644 
--- a/2014/2xxx/CVE-2014-2488.json +++ b/2014/2xxx/CVE-2014-2488.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : 
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2747.json b/2014/2xxx/CVE-2014-2747.json index 7fafbbb9b97..884f5fc7907 100644 --- a/2014/2xxx/CVE-2014-2747.json +++ b/2014/2xxx/CVE-2014-2747.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2747", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2747", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2777.json b/2014/2xxx/CVE-2014-2777.json index cc1fa21e475..d22ae858496 100644 --- a/2014/2xxx/CVE-2014-2777.json +++ b/2014/2xxx/CVE-2014-2777.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2014-1778." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140716 VUPEN Security Research - Microsoft Internet Explorer \"ShowSaveFileDialog()\" Sandbox Bypass (Pwn2Own 2014)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532799/100/0/threaded" - }, - { - "name" : "MS14-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" - }, - { - "name" : "67892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67892" - }, - { - "name" : "1030370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2014-1778." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030370" + }, + { + "name": "67892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67892" + }, + { + "name": "MS14-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" + }, + { + "name": "20140716 VUPEN Security Research - Microsoft Internet Explorer \"ShowSaveFileDialog()\" Sandbox Bypass (Pwn2Own 2014)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532799/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0167.json b/2017/0xxx/CVE-2017-0167.json index 67444144908..9b4fb29e9ca 100644 --- a/2017/0xxx/CVE-2017-0167.json +++ b/2017/0xxx/CVE-2017-0167.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. \"Windows Kernel Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41880", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41880/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0167", - "refsource" : "CONFIRM", - "url" : 
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0167" - }, - { - "name" : "97473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97473" - }, - { - "name" : "1038239", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. \"Windows Kernel Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97473" + }, + { + "name": "41880", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41880/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0167", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0167" + }, + { + "name": "1038239", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038239" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0247.json b/2017/0xxx/CVE-2017-0247.json index 651c8639e47..bb7bcba7b57 100644 --- a/2017/0xxx/CVE-2017-0247.json +++ b/2017/0xxx/CVE-2017-0247.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ASP.NET Core", - "version" : { - "version_data" : [ - { - "version_value" : "ASP.NET Core" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ASP.NET Core", + "version": { + "version_data": [ + { + "version_value": "ASP.NET Core" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/aspnet/Announcements/issues/239", - "refsource" : "MISC", - "url" : "https://github.com/aspnet/Announcements/issues/239" - }, - { - "name" : "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS", - "refsource" : "MISC", - "url" : "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS" - }, - { - "name" : "https://technet.microsoft.com/en-us/library/security/4021279.aspx", - "refsource" : "CONFIRM", - "url" : "https://technet.microsoft.com/en-us/library/security/4021279.aspx" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://technet.microsoft.com/en-us/library/security/4021279.aspx", + "refsource": "CONFIRM", + "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx" + }, + { + "name": "https://github.com/aspnet/Announcements/issues/239", + "refsource": "MISC", + "url": "https://github.com/aspnet/Announcements/issues/239" + }, + { + "name": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS", + "refsource": "MISC", + "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0575.json b/2017/0xxx/CVE-2017-0575.json index 9b5295fe5f4..2dd6c7fb9be 100644 --- a/2017/0xxx/CVE-2017-0575.json +++ b/2017/0xxx/CVE-2017-0575.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97403", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97403" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32658595. References: QC-CR#1103099." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97403", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97403" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000064.json b/2017/1000xxx/CVE-2017-1000064.json index 6e95eefee6e..c5eddb227a3 100644 --- a/2017/1000xxx/CVE-2017-1000064.json +++ b/2017/1000xxx/CVE-2017-1000064.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.315797", - "ID" : "CVE-2017-1000064", - "REQUESTER" : "dimitrisplusplus@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kitto", - "version" : { - "version_data" : [ - { - "version_value" : "0.5.1 and older" - } - ] - } - } - ] - }, - "vendor_name" : "kittoframework/kitto" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Non garbabe-collective object creating via the use of specific query parameters" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.315797", + "ID": "CVE-2017-1000064", + "REQUESTER": "dimitrisplusplus@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://elixirforum.com/t/kitto-a-framework-for-interactive-dashboards/2089/13", - "refsource" : "MISC", - "url" : "https://elixirforum.com/t/kitto-a-framework-for-interactive-dashboards/2089/13" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS" + } + ] + }, + 
"problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://elixirforum.com/t/kitto-a-framework-for-interactive-dashboards/2089/13", + "refsource": "MISC", + "url": "https://elixirforum.com/t/kitto-a-framework-for-interactive-dashboards/2089/13" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000094.json b/2017/1000xxx/CVE-2017-1000094.json index ec5b3c79d98..b87d4d968d4 100644 --- a/2017/1000xxx/CVE-2017-1000094.json +++ b/2017/1000xxx/CVE-2017-1000094.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.313357", - "ID" : "CVE-2017-1000094", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Docker Commons Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.7 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Docker Commons Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.313357", + "ID": "CVE-2017-1000094", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-07-10/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-07-10/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-07-10/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-07-10/" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16104.json b/2017/16xxx/CVE-2017-16104.json index 4a5b7ee66d8..28d034b67c6 100644 --- a/2017/16xxx/CVE-2017-16104.json +++ b/2017/16xxx/CVE-2017-16104.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "citypredict.whauwiller node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "citypredict.whauwiller node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/citypredict.whauwiller", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/citypredict.whauwiller" - }, - { - "name" : "https://nodesecurity.io/advisories/370", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "citypredict.whauwiller is 
vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/370", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/370" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/citypredict.whauwiller", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/citypredict.whauwiller" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16623.json b/2017/16xxx/CVE-2017-16623.json index 9fe6ba3925a..386fcd7a5c2 100644 --- a/2017/16xxx/CVE-2017-16623.json +++ b/2017/16xxx/CVE-2017-16623.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16623", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16623", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/16xxx/CVE-2017-16756.json b/2017/16xxx/CVE-2017-16756.json index a5aa918a54e..d80c75ae3bf 100644 --- a/2017/16xxx/CVE-2017-16756.json +++ b/2017/16xxx/CVE-2017-16756.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the \"index.php?pg=password.change\" endpoint. This allows an attacker to change the password of another user's HelpSpot account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ruby.sh/helpspot-disclosure-20180206.txt", - "refsource" : "MISC", - "url" : "https://ruby.sh/helpspot-disclosure-20180206.txt" - }, - { - "name" : "https://www.helpspot.com/releases", - "refsource" : "MISC", - "url" : "https://www.helpspot.com/releases" - }, - { - "name" : "https://www.helpspot.com/releases/version-4-7-2", - "refsource" : "MISC", - "url" : "https://www.helpspot.com/releases/version-4-7-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Userscape HelpSpot before 4.7.2. 
A cross-site request forgery vulnerability exists on POST requests to the \"index.php?pg=password.change\" endpoint. This allows an attacker to change the password of another user's HelpSpot account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.helpspot.com/releases", + "refsource": "MISC", + "url": "https://www.helpspot.com/releases" + }, + { + "name": "https://ruby.sh/helpspot-disclosure-20180206.txt", + "refsource": "MISC", + "url": "https://ruby.sh/helpspot-disclosure-20180206.txt" + }, + { + "name": "https://www.helpspot.com/releases/version-4-7-2", + "refsource": "MISC", + "url": "https://www.helpspot.com/releases/version-4-7-2" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16797.json b/2017/16xxx/CVE-2017-16797.json index 2047b10bfe3..1a54563a5e5 100644 --- a/2017/16xxx/CVE-2017-16797.json +++ b/2017/16xxx/CVE-2017-16797.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/matthiaskramm/swftools/issues/51", - "refsource" : "MISC", - "url" : "https://github.com/matthiaskramm/swftools/issues/51" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or 
possibly have unspecified other impact via a crafted PNG file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/matthiaskramm/swftools/issues/51", + "refsource": "MISC", + "url": "https://github.com/matthiaskramm/swftools/issues/51" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1555.json b/2017/1xxx/CVE-2017-1555.json index 8cefc12b597..7f73bb0b2ad 100644 --- a/2017/1xxx/CVE-2017-1555.json +++ b/2017/1xxx/CVE-2017-1555.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-09-21T00:00:00", - "ID" : "CVE-2017-1555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "API Connect", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.1.0" - }, - { - "version_value" : "5.0.0.0" - }, - { - "version_value" : "5.0.0.1" - }, - { - "version_value" : "5.0.2.0" - }, - { - "version_value" : "5.0.5.0" - }, - { - "version_value" : "5.0.6.0" - }, - { - "version_value" : "5.0.6.1" - }, - { - "version_value" : "5.0.6.2" - }, - { - "version_value" : "5.0.7.0" - }, - { - "version_value" : "5.0.7.1" - }, - { - "version_value" : "5.0.3.0" - }, - { - "version_value" : "5.0.4.0" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.7.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Bypass Security" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-09-21T00:00:00", + "ID": "CVE-2017-1555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "API Connect", + "version": { + "version_data": [ + { + "version_value": "5.0.1.0" + }, + { + "version_value": "5.0.0.0" + }, + { + "version_value": "5.0.0.1" + }, + { + "version_value": "5.0.2.0" + }, + { + "version_value": "5.0.5.0" + }, + { + "version_value": "5.0.6.0" + }, + { + "version_value": "5.0.6.1" + }, + { + "version_value": "5.0.6.2" + }, + { + "version_value": "5.0.7.0" + }, + { + "version_value": "5.0.7.1" + }, + { + "version_value": "5.0.3.0" + }, + { + "version_value": "5.0.4.0" + }, + { + "version_value": "5.0" + }, + { + "version_value": "5.0.7.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131545", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131545" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22008588", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22008588" - }, - { - "name" : "100973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Bypass Security" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131545", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131545" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22008588", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22008588" + }, + { + "name": "100973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100973" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4772.json b/2017/4xxx/CVE-2017-4772.json index 25fc4175465..ce62afb364a 100644 --- a/2017/4xxx/CVE-2017-4772.json +++ b/2017/4xxx/CVE-2017-4772.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4772", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4772", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4874.json b/2017/4xxx/CVE-2017-4874.json index d71b6023ea6..3e189d8a155 100644 --- a/2017/4xxx/CVE-2017-4874.json +++ b/2017/4xxx/CVE-2017-4874.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4874", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4874", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4995.json b/2017/4xxx/CVE-2017-4995.json index bde5660ecbd..82719ac6ea6 100644 --- a/2017/4xxx/CVE-2017-4995.json +++ b/2017/4xxx/CVE-2017-4995.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-4995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Spring Security Spring Security 4.2.0.RELEASE 4.2.2.RELEASE and Spring Security 5.0.0.M1", - "version" : { - "version_data" : [ - { - "version_value" : "Spring Security Spring Security 4.2.0.RELEASE 4.2.2.RELEASE and Spring Security 5.0.0.M1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known \"deserialization gadgets.\" Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) \"deserialization gadget\" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown \"deserialization gadgets\" when Spring Security enables default typing." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-4995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring Security Spring Security 4.2.0.RELEASE 4.2.2.RELEASE and Spring Security 5.0.0.M1", + "version": { + "version_data": [ + { + "version_value": "Spring Security Spring Security 4.2.0.RELEASE 4.2.2.RELEASE and Spring Security 5.0.0.M1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2017-4995", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2017-4995" - }, - { - "name" : "99080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. 
Jackson fixed this vulnerability by blacklisting known \"deserialization gadgets.\" Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) \"deserialization gadget\" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown \"deserialization gadgets\" when Spring Security enables default typing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2017-4995", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2017-4995" + }, + { + "name": "99080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99080" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5294.json b/2018/5xxx/CVE-2018-5294.json index 97627782ced..ebd22a4a05f 100644 --- a/2018/5xxx/CVE-2018-5294.json +++ b/2018/5xxx/CVE-2018-5294.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180311 [SECURITY] [DLA 1305-1] ming security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00008.html" - }, - { - "name" : "https://github.com/libming/libming/issues/98", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/98" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). 
Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180311 [SECURITY] [DLA 1305-1] ming security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00008.html" + }, + { + "name": "https://github.com/libming/libming/issues/98", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/98" + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5480.json b/2018/5xxx/CVE-2018-5480.json index 903c371ee5d..01db5732361 100644 --- a/2018/5xxx/CVE-2018-5480.json +++ b/2018/5xxx/CVE-2018-5480.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5480", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5480", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/5xxx/CVE-2018-5795.json b/2018/5xxx/CVE-2018-5795.json
index c3cfcb1e123..54076dad96f 100644
--- a/2018/5xxx/CVE-2018-5795.json
+++ b/2018/5xxx/CVE-2018-5795.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003", - "refsource" : "CONFIRM", - "url" : "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003", + "refsource": "CONFIRM", + "url": "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003" + } + ] + } +} \ No newline at end of file