From 02ec11aeafa150af26ec7552485be6a578c30d39 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:44:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/1xxx/CVE-2001-1196.json | 150 ++++++------- 2006/2xxx/CVE-2006-2266.json | 160 ++++++------- 2006/2xxx/CVE-2006-2281.json | 180 +++++++-------- 2006/2xxx/CVE-2006-2598.json | 34 +-- 2006/2xxx/CVE-2006-2755.json | 170 +++++++------- 2006/2xxx/CVE-2006-2888.json | 160 ++++++------- 2006/2xxx/CVE-2006-2896.json | 180 +++++++-------- 2006/3xxx/CVE-2006-3368.json | 170 +++++++------- 2006/3xxx/CVE-2006-3423.json | 220 +++++++++--------- 2006/3xxx/CVE-2006-3664.json | 180 +++++++-------- 2006/3xxx/CVE-2006-3814.json | 200 ++++++++--------- 2006/6xxx/CVE-2006-6111.json | 200 ++++++++--------- 2006/6xxx/CVE-2006-6398.json | 130 +++++------ 2006/6xxx/CVE-2006-6979.json | 200 ++++++++--------- 2006/7xxx/CVE-2006-7240.json | 120 +++++----- 2011/0xxx/CVE-2011-0156.json | 180 +++++++-------- 2011/0xxx/CVE-2011-0207.json | 140 ++++++------ 2011/0xxx/CVE-2011-0561.json | 310 ++++++++++++------------- 2011/0xxx/CVE-2011-0685.json | 210 ++++++++--------- 2011/0xxx/CVE-2011-0763.json | 34 +-- 2011/1xxx/CVE-2011-1113.json | 160 ++++++------- 2011/1xxx/CVE-2011-1446.json | 170 +++++++------- 2011/2xxx/CVE-2011-2228.json | 34 +-- 2011/3xxx/CVE-2011-3092.json | 190 ++++++++-------- 2011/3xxx/CVE-2011-3131.json | 180 +++++++-------- 2011/4xxx/CVE-2011-4263.json | 130 +++++------ 2011/4xxx/CVE-2011-4336.json | 34 +-- 2011/4xxx/CVE-2011-4457.json | 130 +++++------ 2011/4xxx/CVE-2011-4514.json | 130 +++++------ 2011/4xxx/CVE-2011-4803.json | 120 +++++----- 2013/1xxx/CVE-2013-1318.json | 140 ++++++------ 2013/5xxx/CVE-2013-5136.json | 120 +++++----- 2013/5xxx/CVE-2013-5146.json | 34 +-- 2013/5xxx/CVE-2013-5443.json | 130 +++++------ 2013/5xxx/CVE-2013-5925.json | 34 +-- 2014/2xxx/CVE-2014-2217.json | 120 +++++----- 2014/2xxx/CVE-2014-2346.json | 140 ++++++------ 2014/2xxx/CVE-2014-2532.json | 350 ++++++++++++++--------------- 2014/2xxx/CVE-2014-2550.json | 140 ++++++------ 2014/2xxx/CVE-2014-2633.json | 180 +++++++-------- 2014/2xxx/CVE-2014-2980.json | 190 ++++++++-------- 2014/6xxx/CVE-2014-6856.json | 140 ++++++------ 2014/7xxx/CVE-2014-7499.json | 140 ++++++------ 2017/0xxx/CVE-2017-0089.json | 150 ++++++------- 2017/0xxx/CVE-2017-0309.json | 120 +++++----- 2017/0xxx/CVE-2017-0682.json | 132 +++++------ 2017/1000xxx/CVE-2017-1000150.json | 124 +++++----- 2017/1000xxx/CVE-2017-1000443.json | 134 +++++------ 2017/18xxx/CVE-2017-18084.json | 132 +++++------ 2017/18xxx/CVE-2017-18286.json | 120 +++++----- 2017/1xxx/CVE-2017-1185.json | 34 +-- 2017/1xxx/CVE-2017-1195.json | 162 ++++++------- 2017/1xxx/CVE-2017-1231.json | 226 +++++++++---------- 2017/4xxx/CVE-2017-4585.json | 34 +-- 2017/4xxx/CVE-2017-4811.json | 34 +-- 2017/4xxx/CVE-2017-4899.json | 140 ++++++------ 2017/5xxx/CVE-2017-5393.json | 152 ++++++------- 57 files changed, 4079 insertions(+), 4079 deletions(-) diff --git a/2001/1xxx/CVE-2001-1196.json b/2001/1xxx/CVE-2001-1196.json index 87beb4cb4a7..170eb2824cd 100644 --- a/2001/1xxx/CVE-2001-1196.json +++ b/2001/1xxx/CVE-2001-1196.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011217 webmin 0.91 ../.. problem", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/245980" - }, - { - "name" : "20011218 Re: webmin 0.91 ../.. problem", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=webmin-l&m=100865390306103&w=2" - }, - { - "name" : "3698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3698" - }, - { - "name" : "webmin-dot-directory-traversal(7711)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7711.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webmin-dot-directory-traversal(7711)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7711.php" + }, + { + "name": "20011217 webmin 0.91 ../.. problem", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/245980" + }, + { + "name": "3698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3698" + }, + { + "name": "20011218 Re: webmin 0.91 ../.. problem", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=webmin-l&m=100865390306103&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2266.json b/2006/2xxx/CVE-2006-2266.json index bd7b1fbe1a0..e934746629f 100644 --- a/2006/2xxx/CVE-2006-2266.json +++ b/2006/2xxx/CVE-2006-2266.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://archives.neohapsis.com/archives/apps/freshmeat/2006-05/0002.html", - "refsource" : "CONFIRM", - "url" : "http://archives.neohapsis.com/archives/apps/freshmeat/2006-05/0002.html" - }, - { - "name" : "17957", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17957" - }, - { - "name" : "ADV-2006-1777", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1777" - }, - { - "name" : "25194", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25194" - }, - { - "name" : "chirpy-script-sql-injection(26418)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1777", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1777" + }, + { + "name": "25194", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25194" + }, + { + "name": "http://archives.neohapsis.com/archives/apps/freshmeat/2006-05/0002.html", + "refsource": "CONFIRM", + "url": "http://archives.neohapsis.com/archives/apps/freshmeat/2006-05/0002.html" + }, + { + "name": "chirpy-script-sql-injection(26418)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26418" + }, + { + "name": "17957", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17957" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2281.json b/2006/2xxx/CVE-2006-2281.json index ccc44a2afa4..a512d21c080 100644 --- a/2006/2xxx/CVE-2006-2281.json +++ b/2006/2xxx/CVE-2006-2281.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060507 X-POLL admin By-Pass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433220/100/0/threaded" - }, - { - "name" : "\"X-POLL admin By-Pass\" - standard PHP upload?", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-May/000752.html" - }, - { - "name" : "17901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17901" - }, - { - "name" : "ADV-2006-1732", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1732" - }, - { - "name" : "20057", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20057" - }, - { - "name" : "872", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/872" - }, - { - "name" : "xpoll-add-file-upload(26363)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xpoll-add-file-upload(26363)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26363" + }, + { + "name": "17901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17901" + }, + { + "name": "\"X-POLL admin By-Pass\" - standard PHP upload?", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-May/000752.html" + }, + { + "name": "872", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/872" + }, + { + "name": "20057", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20057" + }, + { + "name": "20060507 X-POLL admin By-Pass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433220/100/0/threaded" + }, + { + "name": "ADV-2006-1732", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1732" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2598.json b/2006/2xxx/CVE-2006-2598.json index 5bee0f8c73f..004042d4d11 100644 --- a/2006/2xxx/CVE-2006-2598.json +++ b/2006/2xxx/CVE-2006-2598.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2598", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2586. Reason: This candidate is a duplicate of CVE-2006-2586. Notes: All CVE users should reference CVE-2006-2586 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-2598", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2586. Reason: This candidate is a duplicate of CVE-2006-2586. Notes: All CVE users should reference CVE-2006-2586 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2755.json b/2006/2xxx/CVE-2006-2755.json index 4e030b50fb4..3fb479d9ecd 100644 --- a/2006/2xxx/CVE-2006-2755.json +++ b/2006/2xxx/CVE-2006-2755.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060528 Advisory: UBBThreads 5.x,6.x Multiple File InclusionVulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435288/100/0/threaded" - }, - { - "name" : "20060529 UBBThreads 5.x,6.x md5 hash disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435296/100/0/threaded" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=40", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=40" - }, - { - "name" : "18152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18152" - }, - { - "name" : "1007", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1007" - }, - { - "name" : "ubbthreads-index-xss(26870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1007", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1007" + }, + { + "name": "20060528 Advisory: UBBThreads 5.x,6.x Multiple File InclusionVulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435288/100/0/threaded" + }, + { + "name": "ubbthreads-index-xss(26870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26870" + }, + { + "name": "20060529 UBBThreads 5.x,6.x md5 hash disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435296/100/0/threaded" + }, + { + "name": "http://www.nukedx.com/?viewdoc=40", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=40" + }, + { + "name": "18152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18152" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2888.json b/2006/2xxx/CVE-2006-2888.json index d515ffd107e..a35e2059cb3 100644 --- a/2006/2xxx/CVE-2006-2888.json +++ b/2006/2xxx/CVE-2006-2888.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1883", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1883" - }, - { - "name" : "18291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18291" - }, - { - "name" : "ADV-2006-2167", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2167" - }, - { - "name" : "20487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20487" - }, - { - "name" : "wikiwig-wklang-file-include(26942)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wikiwig-wklang-file-include(26942)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26942" + }, + { + "name": "20487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20487" + }, + { + "name": "18291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18291" + }, + { + "name": "1883", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1883" + }, + { + "name": "ADV-2006-2167", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2167" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2896.json b/2006/2xxx/CVE-2006-2896.json index 24ae2d5e388..92eef7a8da2 100644 --- a/2006/2xxx/CVE-2006-2896.json +++ b/2006/2xxx/CVE-2006-2896.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060605 FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435987/100/0/threaded" - }, - { - "name" : "http://www.funkboard.co.uk/forum/thread.php?id=302", - "refsource" : "CONFIRM", - "url" : "http://www.funkboard.co.uk/forum/thread.php?id=302" - }, - { - "name" : "1875", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1875" - }, - { - "name" : "ADV-2006-2158", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2158" - }, - { - "name" : "20433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20433" - }, - { - "name" : "1066", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1066" - }, - { - "name" : "funkboard-profile-password-modification(26912)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.funkboard.co.uk/forum/thread.php?id=302", + "refsource": "CONFIRM", + "url": "http://www.funkboard.co.uk/forum/thread.php?id=302" + }, + { + "name": "1875", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1875" + }, + { + "name": "funkboard-profile-password-modification(26912)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26912" + }, + { + "name": "1066", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1066" + }, + { + "name": "20060605 FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435987/100/0/threaded" + }, + { + "name": "ADV-2006-2158", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2158" + }, + { + "name": "20433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20433" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3368.json b/2006/3xxx/CVE-2006-3368.json index 84a781dba08..21c2e08ae11 100644 --- a/2006/3xxx/CVE-2006-3368.json +++ b/2006/3xxx/CVE-2006-3368.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060703 5 php scripts remote database password disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438964/100/0/threaded" - }, - { - "name" : "18811", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18811" - }, - { - "name" : "ADV-2006-2664", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2664" - }, - { - "name" : "20902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20902" - }, - { - "name" : "1192", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1192" - }, - { - "name" : "efone-config-information-disclosure(27574)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "efone-config-information-disclosure(27574)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27574" + }, + { + "name": "1192", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1192" + }, + { + "name": "20902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20902" + }, + { + "name": "20060703 5 php scripts remote database password disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438964/100/0/threaded" + }, + { + "name": "18811", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18811" + }, + { + "name": "ADV-2006-2664", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2664" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3423.json b/2006/3xxx/CVE-2006-3423.json index 09fe45ea0c6..c6bb78c5c80 100644 --- a/2006/3xxx/CVE-2006-3423.json +++ b/2006/3xxx/CVE-2006-3423.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060706 WebEx ActiveX Control DLL Injection", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/xforce/alerts/id/226" - }, - { - "name" : "20060707 ZDI-06-021: WebEx Downloader Plug-in Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439496/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-021.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-021.html" - }, - { - "name" : "http://www.webex.com/lp/security/ActiveAdv.html?TrackID=123456", - "refsource" : "CONFIRM", - "url" : "http://www.webex.com/lp/security/ActiveAdv.html?TrackID=123456" - }, - { - "name" : "18860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18860" - }, - { - "name" : "ADV-2006-2688", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2688" - }, - { - "name" : "27039", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27039" - }, - { - "name" : "27040", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27040" - }, - { - "name" : "1016446", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016446" - }, - { - "name" : "20956", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20956" - }, - { - "name" : "web-conferencing-code-injection(24370)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2688", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2688" + }, + { + "name": "1016446", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016446" + }, + { + "name": "20956", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20956" + }, + { + "name": "20060706 WebEx ActiveX Control DLL Injection", + "refsource": "ISS", + "url": "http://xforce.iss.net/xforce/alerts/id/226" + }, + { + "name": "web-conferencing-code-injection(24370)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24370" + }, + { + "name": "20060707 ZDI-06-021: WebEx Downloader Plug-in Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439496/100/0/threaded" + }, + { + "name": "27040", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27040" + }, + { + "name": "18860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18860" + }, + { + "name": "http://www.webex.com/lp/security/ActiveAdv.html?TrackID=123456", + "refsource": "CONFIRM", + "url": "http://www.webex.com/lp/security/ActiveAdv.html?TrackID=123456" + }, + { + "name": "27039", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27039" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-021.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-021.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3664.json b/2006/3xxx/CVE-2006-3664.json index 302e5c2d7ec..c5234f67699 100644 --- a/2006/3xxx/CVE-2006-3664.json +++ b/2006/3xxx/CVE-2006-3664.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102462", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102462-1" - }, - { - "name" : "18972", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18972" - }, - { - "name" : "ADV-2006-2799", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2799" - }, - { - "name" : "oval:org.mitre.oval:def:1921", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1921" - }, - { - "name" : "1016494", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016494" - }, - { - "name" : "21047", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21047" - }, - { - "name" : "solaris-ypserv-dos(27722)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21047", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21047" + }, + { + "name": "oval:org.mitre.oval:def:1921", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1921" + }, + { + "name": "solaris-ypserv-dos(27722)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27722" + }, + { + "name": "18972", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18972" + }, + { + "name": "102462", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102462-1" + }, + { + "name": "ADV-2006-2799", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2799" + }, + { + "name": "1016494", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016494" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3814.json b/2006/3xxx/CVE-2006-3814.json index 03d69ee6b70..fb58f6d7b5f 100644 --- a/2006/3xxx/CVE-2006-3814.json +++ b/2006/3xxx/CVE-2006-3814.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Loader_XM::load_instrument_internal function in loader_xm.cpp for Cheese Tracker 0.9.9 and earlier allows user-assisted attackers to execute arbitrary code via a crafted file with a large amount of extra data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060723 Buffer-overflow in the XM loader of Cheese Tracker 0.9.9", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440962/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/cheesebof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/cheesebof-adv.txt" - }, - { - "name" : "DSA-1166", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1166" - }, - { - "name" : "GLSA-200610-13", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200610-13.xml" - }, - { - "name" : "19115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19115" - }, - { - "name" : "21759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21759" - }, - { - "name" : "22643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22643" - }, - { - "name" : "1291", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1291" - }, - { - "name" : "cheesetronic-loaderxm-bo(27957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Loader_XM::load_instrument_internal function in loader_xm.cpp for Cheese Tracker 0.9.9 and earlier allows user-assisted attackers to execute arbitrary code via a crafted file with a large amount of extra data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19115" + }, + { + "name": "1291", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1291" + }, + { + "name": "http://aluigi.altervista.org/adv/cheesebof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/cheesebof-adv.txt" + }, + { + "name": "21759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21759" + }, + { + "name": "GLSA-200610-13", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-13.xml" + }, + { + "name": "20060723 Buffer-overflow in the XM loader of Cheese Tracker 0.9.9", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440962/100/0/threaded" + }, + { + "name": "DSA-1166", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1166" + }, + { + "name": "cheesetronic-loaderxm-bo(27957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27957" + }, + { + "name": "22643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22643" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6111.json b/2006/6xxx/CVE-2006-6111.json index d18c1ac310e..481ba306663 100644 --- a/2006/6xxx/CVE-2006-6111.json +++ b/2006/6xxx/CVE-2006-6111.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in product.asp or (2) search parameter in search.asp. NOTE: the category.asp vector is already covered by CVE-2004-1873." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061114 A-Cart pro[ injection sql (post&get)]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451594/100/100/threaded" - }, - { - "name" : "20061118 A-Cart PRO SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452006/100/0/threaded" - }, - { - "name" : "20061118 Re: A-Cart PRO SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452023/100/0/threaded" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=27", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=27" - }, - { - "name" : "21166", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21166" - }, - { - "name" : "32750", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32750" - }, - { - "name" : "32751", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32751" - }, - { - "name" : "acart-category-product-sql-injection(30279)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30279" - }, - { - "name" : "acart-search-sql-injection(30280)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in product.asp or (2) search parameter in search.asp. NOTE: the category.asp vector is already covered by CVE-2004-1873." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061118 Re: A-Cart PRO SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452023/100/0/threaded" + }, + { + "name": "32751", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32751" + }, + { + "name": "20061114 A-Cart pro[ injection sql (post&get)]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451594/100/100/threaded" + }, + { + "name": "acart-category-product-sql-injection(30279)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30279" + }, + { + "name": "acart-search-sql-injection(30280)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30280" + }, + { + "name": "21166", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21166" + }, + { + "name": "20061118 A-Cart PRO SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452006/100/0/threaded" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=27", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=27" + }, + { + "name": "32750", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32750" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6398.json b/2006/6xxx/CVE-2006-6398.json index 81f6b2cf993..32c7a6af579 100644 --- a/2006/6xxx/CVE-2006-6398.json +++ b/2006/6xxx/CVE-2006-6398.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printarticle.asp, and the ID parameter to (c) index.asp and (d) preferences.asp, different vectors than CVE-2006-5888." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061204 Re: UPublisher Exploit - Superfreaker", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453462/100/0/threaded" - }, - { - "name" : "22840", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printarticle.asp, and the ID parameter to (c) index.asp and (d) preferences.asp, different vectors than CVE-2006-5888." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22840", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22840" + }, + { + "name": "20061204 Re: UPublisher Exploit - Superfreaker", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453462/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6979.json b/2006/6xxx/CVE-2006-6979.json index a500d4d16fa..dc18ec0ad89 100644 --- a/2006/6xxx/CVE-2006-6979.json +++ b/2006/6xxx/CVE-2006-6979.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.kde.org/show_bug.cgi?id=138499", - "refsource" : "MISC", - "url" : "http://bugs.kde.org/show_bug.cgi?id=138499" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=166901", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=166901" - }, - { - "name" : "GLSA-200703-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200703-11.xml" - }, - { - "name" : "SUSE-SR:2007:002", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html" - }, - { - "name" : "22568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22568" - }, - { - "name" : "ADV-2007-0613", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0613" - }, - { - "name" : "23984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23984" - }, - { - "name" : "24159", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24159" - }, - { - "name" : "24510", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23984" + }, + { + "name": "ADV-2007-0613", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0613" + }, + { + "name": "SUSE-SR:2007:002", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=166901", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=166901" + }, + { + "name": "24510", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24510" + }, + { + "name": "22568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22568" + }, + { + "name": "http://bugs.kde.org/show_bug.cgi?id=138499", + "refsource": "MISC", + "url": "http://bugs.kde.org/show_bug.cgi?id=138499" + }, + { + "name": "GLSA-200703-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200703-11.xml" + }, + { + "name": "24159", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24159" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7240.json b/2006/7xxx/CVE-2006-7240.json index 323ab1cf84f..dc7bff43ecc 100644 --- a/2006/7xxx/CVE-2006-7240.json +++ b/2006/7xxx/CVE-2006-7240.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/42052", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/42052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/42052", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/gnome-power-manager/+bug/42052" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0156.json b/2011/0xxx/CVE-2011-0156.json index c3d0a2ad816..79522d8aa8a 100644 --- a/2011/0xxx/CVE-2011-0156.json +++ b/2011/0xxx/CVE-2011-0156.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4554", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4554" - }, - { - "name" : "http://support.apple.com/kb/HT4564", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4564" - }, - { - "name" : "http://support.apple.com/kb/HT4566", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4566" - }, - { - "name" : "APPLE-SA-2011-03-02-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-03-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" - }, - { - "name" : "APPLE-SA-2011-03-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:17191", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4564", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4564" + }, + { + "name": "http://support.apple.com/kb/HT4566", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4566" + }, + { + "name": "oval:org.mitre.oval:def:17191", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17191" + }, + { + "name": "APPLE-SA-2011-03-02-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" + }, + { + "name": "APPLE-SA-2011-03-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT4554", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4554" + }, + { + "name": "APPLE-SA-2011-03-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0207.json b/2011/0xxx/CVE-2011-0207.json index c857f616fc6..21ac65bf4a8 100644 --- a/2011/0xxx/CVE-2011-0207.json +++ b/2011/0xxx/CVE-2011-0207.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4723", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4723" - }, - { - "name" : "APPLE-SA-2011-06-23-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" - }, - { - "name" : "48444", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4723", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4723" + }, + { + "name": "APPLE-SA-2011-06-23-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" + }, + { + "name": "48444", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48444" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0561.json b/2011/0xxx/CVE-2011-0561.json index 4e7be461224..f8dd5933bf5 100644 --- a/2011/0xxx/CVE-2011-0561.json +++ b/2011/0xxx/CVE-2011-0561.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-02.html" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2" - }, - { - "name" : "RHSA-2011:0206", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0206.html" - }, - { - "name" : "RHSA-2011:0259", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0259.html" - }, - { - "name" : "RHSA-2011:0368", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0368.html" - }, - { - "name" : "SUSE-SA:2011:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00003.html" - }, - { - "name" : "VU#812969", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/812969" - }, - { - "name" : "46189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46189" - }, - { - "name" : "oval:org.mitre.oval:def:14169", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14169" - }, - { - "name" : "oval:org.mitre.oval:def:15930", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15930" - }, - { - "name" : "1025055", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025055" - }, - { - "name" : "43267", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43267" - }, - { - "name" : "43292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43292" - }, - { - "name" : "43340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43340" - }, - { - "name" : "43351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43351" - }, - { - "name" : "43747", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43747" - }, - { - "name" : "ADV-2011-0348", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0348" - }, - { - "name" : "ADV-2011-0383", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0383" - }, - { - "name" : "ADV-2011-0402", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0402" - }, - { - "name" : "ADV-2011-0646", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0646" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0348", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0348" + }, + { + "name": "1025055", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025055" + }, + { + "name": "ADV-2011-0646", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0646" + }, + { + "name": "VU#812969", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/812969" + }, + { + "name": "43267", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43267" + }, + { + "name": "43292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43292" + }, + { + "name": "46189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46189" + }, + { + "name": "43351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43351" + }, + { + "name": "oval:org.mitre.oval:def:14169", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14169" + }, + { + "name": "43340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43340" + }, + { + "name": "ADV-2011-0383", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0383" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" + }, + { + "name": "oval:org.mitre.oval:def:15930", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15930" + }, + { + "name": "43747", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43747" + }, + { + "name": "ADV-2011-0402", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0402" + }, + { + "name": "RHSA-2011:0259", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0259.html" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2" + }, + { + "name": "RHSA-2011:0206", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0206.html" + }, + { + "name": "SUSE-SA:2011:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00003.html" + }, + { + "name": "RHSA-2011:0368", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0368.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0685.json b/2011/0xxx/CVE-2011-0685.json index 1d07733c0cf..6314f310109 100644 --- a/2011/0xxx/CVE-2011-0685.json +++ b/2011/0xxx/CVE-2011-0685.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Delete Private Data feature in Opera before 11.01 does not properly implement the \"Clear all email account passwords\" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1101/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1101/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1101/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1101/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1101/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1101/" - }, - { - "name" : "http://www.opera.com/support/kb/view/986/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/986/" - }, - { - "name" : "46036", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46036" - }, - { - "name" : "70731", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70731" - }, - { - "name" : "oval:org.mitre.oval:def:12507", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12507" - }, - { - "name" : "43023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43023" - }, - { - "name" : "ADV-2011-0231", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0231" - }, - { - "name" : "opera-passwords-sec-bypass(65018)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Delete Private Data feature in Opera before 11.01 does not properly implement the \"Clear all email account passwords\" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/windows/1101/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1101/" + }, + { + "name": "oval:org.mitre.oval:def:12507", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12507" + }, + { + "name": "http://www.opera.com/support/kb/view/986/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/986/" + }, + { + "name": "ADV-2011-0231", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0231" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1101/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1101/" + }, + { + "name": "46036", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46036" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1101/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1101/" + }, + { + "name": "opera-passwords-sec-bypass(65018)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65018" + }, + { + "name": "70731", + "refsource": "OSVDB", + "url": "http://osvdb.org/70731" + }, + { + "name": "43023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43023" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0763.json b/2011/0xxx/CVE-2011-0763.json index 2677a700173..97ca0976752 100644 --- a/2011/0xxx/CVE-2011-0763.json +++ b/2011/0xxx/CVE-2011-0763.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0763", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0763", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1113.json b/2011/1xxx/CVE-2011-1113.json index 1e196729ba3..d6596d72c43 100644 --- a/2011/1xxx/CVE-2011-1113.json +++ b/2011/1xxx/CVE-2011-1113.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly perform pickle deserialization, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=70376", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=70376" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" - }, - { - "name" : "46614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46614" - }, - { - "name" : "oval:org.mitre.oval:def:13935", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13935" - }, - { - "name" : "google-chrome-pickle-dos(65731)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly perform pickle deserialization, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "google-chrome-pickle-dos(65731)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65731" + }, + { + "name": "46614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46614" + }, + { + "name": "oval:org.mitre.oval:def:13935", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13935" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=70376", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=70376" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1446.json b/2011/1xxx/CVE-2011-1446.json index 3326e8a3291..b4c2a92353e 100644 --- a/2011/1xxx/CVE-2011-1446.json +++ b/2011/1xxx/CVE-2011-1446.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 11.0.696.57 allows remote attackers to spoof the URL bar via vectors involving (1) a navigation error or (2) an interrupted load." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=76666", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=76666" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=77507", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=77507" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=78031", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=78031" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14560", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14560" - }, - { - "name" : "chrome-navigation-spoofing(67153)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 11.0.696.57 allows remote attackers to spoof the URL bar via vectors involving (1) a navigation error or (2) an interrupted load." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=76666", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=76666" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" + }, + { + "name": "oval:org.mitre.oval:def:14560", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14560" + }, + { + "name": "chrome-navigation-spoofing(67153)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67153" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=77507", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=77507" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=78031", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=78031" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2228.json b/2011/2xxx/CVE-2011-2228.json index c6b20284e8b..b450b69ba24 100644 --- a/2011/2xxx/CVE-2011-2228.json +++ b/2011/2xxx/CVE-2011-2228.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2228", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-2228", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3092.json b/2011/3xxx/CVE-2011-3092.json index 645d57a719a..3ade638125f 100644 --- a/2011/3xxx/CVE-2011-3092.json +++ b/2011/3xxx/CVE-2011-3092.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=122337", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=122337" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" - }, - { - "name" : "GLSA-201205-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201205-03.xml" - }, - { - "name" : "openSUSE-SU-2012:0656", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html" - }, - { - "name" : "53540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53540" - }, - { - "name" : "oval:org.mitre.oval:def:15610", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15610" - }, - { - "name" : "1027067", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027067" - }, - { - "name" : "chrome-v8regex-code-exec(75597)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201205-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201205-03.xml" + }, + { + "name": "oval:org.mitre.oval:def:15610", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15610" + }, + { + "name": "openSUSE-SU-2012:0656", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html" + }, + { + "name": "1027067", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027067" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" + }, + { + "name": "53540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53540" + }, + { + "name": "chrome-v8regex-code-exec(75597)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75597" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=122337", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=122337" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3131.json b/2011/3xxx/CVE-2011-3131.json index a5253d3bd01..38e31bad8a7 100644 --- a/2011/3xxx/CVE-2011-3131.json +++ b/2011/3xxx/CVE-2011-3131.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Xen-devel] 20110616 IOMMU faults", - "refsource" : "MLIST", - "url" : "http://old-list-archives.xen.org/archives/html/xen-devel/2011-06/msg01106.html" - }, - { - "name" : "[Xen-devel] 20110812 Xen Advisory 5 (CVE-2011-3131) IOMMU fault livelock", - "refsource" : "MLIST", - "url" : "http://old-list-archives.xen.org/archives/html/xen-devel/2011-08/msg00450.html" - }, - { - "name" : "http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a" - }, - { - "name" : "DSA-2582", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2582" - }, - { - "name" : "49146", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49146" - }, - { - "name" : "45622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45622" - }, - { - "name" : "51468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a" + }, + { + "name": "DSA-2582", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2582" + }, + { + "name": "45622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45622" + }, + { + "name": "[Xen-devel] 20110812 Xen Advisory 5 (CVE-2011-3131) IOMMU fault livelock", + "refsource": "MLIST", + "url": "http://old-list-archives.xen.org/archives/html/xen-devel/2011-08/msg00450.html" + }, + { + "name": "51468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51468" + }, + { + "name": "[Xen-devel] 20110616 IOMMU faults", + "refsource": "MLIST", + "url": "http://old-list-archives.xen.org/archives/html/xen-devel/2011-06/msg01106.html" + }, + { + "name": "49146", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49146" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4263.json b/2011/4xxx/CVE-2011-4263.json index e550637ceb5..9bb54420da7 100644 --- a/2011/4xxx/CVE-2011-4263.json +++ b/2011/4xxx/CVE-2011-4263.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-4263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#61695284", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN61695284/index.html" - }, - { - "name" : "JVNDB-2011-000100", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2011-000100", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000100" + }, + { + "name": "JVN#61695284", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN61695284/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4336.json b/2011/4xxx/CVE-2011-4336.json index 929f03e9939..abd13941973 100644 --- a/2011/4xxx/CVE-2011-4336.json +++ b/2011/4xxx/CVE-2011-4336.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4336", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4336", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4457.json b/2011/4xxx/CVE-2011-4457.json index 50ab521e495..04875f8783f 100644 --- a/2011/4xxx/CVE-2011-4457.json +++ b/2011/4xxx/CVE-2011-4457.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/owasp-java-html-sanitizer/wiki/CVE20114457", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/owasp-java-html-sanitizer/wiki/CVE20114457" - }, - { - "name" : "http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/CHANGE_LOG.html", - "refsource" : "CONFIRM", - "url" : "http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/CHANGE_LOG.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/CHANGE_LOG.html", + "refsource": "CONFIRM", + "url": "http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/CHANGE_LOG.html" + }, + { + "name": "http://code.google.com/p/owasp-java-html-sanitizer/wiki/CVE20114457", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/owasp-java-html-sanitizer/wiki/CVE20114457" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4514.json b/2011/4xxx/CVE-2011-4514.json index 8a318c4c09e..b12621d46ef 100644 --- a/2011/4xxx/CVE-2011-4514.json +++ b/2011/4xxx/CVE-2011-4514.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf" - }, - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4803.json b/2011/4xxx/CVE-2011-4803.json index 2841e86c48e..2b8da9c2c3b 100644 --- a/2011/4xxx/CVE-2011-4803.json +++ b/2011/4xxx/CVE-2011-4803.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18039", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18039", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18039" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1318.json b/2013/1xxx/CVE-2013-1318.json index fa4ed80b9ca..c01982558a9 100644 --- a/2013/1xxx/CVE-2013-1318.json +++ b/2013/1xxx/CVE-2013-1318.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka \"Publisher Corrupt Interface Pointer Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-042", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-042" - }, - { - "name" : "TA13-134A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-134A" - }, - { - "name" : "oval:org.mitre.oval:def:16682", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka \"Publisher Corrupt Interface Pointer Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-134A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A" + }, + { + "name": "oval:org.mitre.oval:def:16682", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16682" + }, + { + "name": "MS13-042", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-042" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5136.json b/2013/5xxx/CVE-2013-5136.json index 81e26689b6b..9671b19c867 100644 --- a/2013/5xxx/CVE-2013-5136.json +++ b/2013/5xxx/CVE-2013-5136.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-5136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2013-10-22-7", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-10-22-7", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5146.json b/2013/5xxx/CVE-2013-5146.json index f1fb5d65dda..69a36d5bf68 100644 --- a/2013/5xxx/CVE-2013-5146.json +++ b/2013/5xxx/CVE-2013-5146.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5146", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5146", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5443.json b/2013/5xxx/CVE-2013-5443.json index 2ca184ab02c..4e23b945c2b 100644 --- a/2013/5xxx/CVE-2013-5443.json +++ b/2013/5xxx/CVE-2013-5443.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21667626", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21667626" - }, - { - "name" : "ibm-cognos-cve20135443-csrf(87819)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authentication of arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-cognos-cve20135443-csrf(87819)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87819" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21667626", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667626" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5925.json b/2013/5xxx/CVE-2013-5925.json index a1eca0ae0c1..89ba414c4f8 100644 --- a/2013/5xxx/CVE-2013-5925.json +++ b/2013/5xxx/CVE-2013-5925.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5925", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5925", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2217.json b/2014/2xxx/CVE-2014-2217.json index 173f70715ab..30ddbc48c08 100644 --- a/2014/2xxx/CVE-2014-2217.json +++ b/2014/2xxx/CVE-2014-2217.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://itq.nl/arbitrary-file-write-in-telerik-ui-for-asp-net-ajax/", - "refsource" : "MISC", - "url" : "http://itq.nl/arbitrary-file-write-in-telerik-ui-for-asp-net-ajax/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://itq.nl/arbitrary-file-write-in-telerik-ui-for-asp-net-ajax/", + "refsource": "MISC", + "url": "http://itq.nl/arbitrary-file-write-in-telerik-ui-for-asp-net-ajax/" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2346.json b/2014/2xxx/CVE-2014-2346.json index 34b5d0a6481..cc42f6c5784 100644 --- a/2014/2xxx/CVE-2014-2346.json +++ b/2014/2xxx/CVE-2014-2346.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow physically proximate attackers to cause a denial of service (infinite loop and process crash) via crafted input over a serial line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-2346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-154-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-154-01" - }, - { - "name" : "http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5Bknowledgebase%5D=813&tx_hrfaq_pi1%5Baction%5D=show&tx_hrfaq_pi1%5Bcontroller%5D=knowledgebase", - "refsource" : "CONFIRM", - "url" : "http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5Bknowledgebase%5D=813&tx_hrfaq_pi1%5Baction%5D=show&tx_hrfaq_pi1%5Bcontroller%5D=knowledgebase" - }, - { - "name" : "http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5Bknowledgebase%5D=814&tx_hrfaq_pi1%5Baction%5D=show&tx_hrfaq_pi1%5Bcontroller%5D=knowledgebase", - "refsource" : "CONFIRM", - "url" : "http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5Bknowledgebase%5D=814&tx_hrfaq_pi1%5Baction%5D=show&tx_hrfaq_pi1%5Bcontroller%5D=knowledgebase" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow physically proximate attackers to cause a denial of service (infinite loop and process crash) via crafted input over a serial line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5Bknowledgebase%5D=814&tx_hrfaq_pi1%5Baction%5D=show&tx_hrfaq_pi1%5Bcontroller%5D=knowledgebase", + "refsource": "CONFIRM", + "url": "http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5Bknowledgebase%5D=814&tx_hrfaq_pi1%5Baction%5D=show&tx_hrfaq_pi1%5Bcontroller%5D=knowledgebase" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-154-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-154-01" + }, + { + "name": "http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5Bknowledgebase%5D=813&tx_hrfaq_pi1%5Baction%5D=show&tx_hrfaq_pi1%5Bcontroller%5D=knowledgebase", + "refsource": "CONFIRM", + "url": "http://www.copadata.com/no_cache/en/support/knowledge-base-faq.html?tx_hrfaq_pi1%5Bknowledgebase%5D=813&tx_hrfaq_pi1%5Baction%5D=show&tx_hrfaq_pi1%5Bcontroller%5D=knowledgebase" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2532.json b/2014/2xxx/CVE-2014-2532.json index f543a2f66b2..75759aeb6ae 100644 --- a/2014/2xxx/CVE-2014-2532.json +++ b/2014/2xxx/CVE-2014-2532.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[security-announce] 20140315 Announce: OpenSSH 6.6 released", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0143.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0143.html" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc" - }, - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "DSA-2894", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2894" - }, - { - "name" : "FEDORA-2014-6380", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html" - }, - { - "name" : "FEDORA-2014-6569", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html" - }, - { - "name" : "HPSBUX03188", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141576985122836&w=2" - }, - { - "name" : "SSRT101487", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141576985122836&w=2" - }, - { - "name" : "MDVSA-2014:068", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068" - }, - { - "name" : "MDVSA-2015:095", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095" - }, - { - "name" : "RHSA-2014:1552", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1552.html" - }, - { - "name" : "USN-2155-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2155-1" - }, - { - "name" : "66355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66355" - }, - { - "name" : "1029925", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029925" - }, - { - "name" : "57488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57488" - }, - { - "name" : "57574", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57574" - }, - { - "name" : "59313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59313" - }, - { - "name" : "59855", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59855" - }, - { - "name" : "openssh-cve20142532-sec-bypass(91986)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "59855", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59855" + }, + { + "name": "57574", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57574" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0143.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0143.html" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "HPSBUX03188", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2" + }, + { + "name": "SSRT101487", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2" + }, + { + "name": "57488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57488" + }, + { + "name": "MDVSA-2015:095", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "59313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59313" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "FEDORA-2014-6380", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html" + }, + { + "name": "DSA-2894", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2894" + }, + { + "name": "RHSA-2014:1552", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc" + }, + { + "name": "1029925", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029925" + }, + { + "name": "[security-announce] 20140315 Announce: OpenSSH 6.6 released", + "refsource": "MLIST", + "url": "http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + }, + { + "name": "USN-2155-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2155-1" + }, + { + "name": "FEDORA-2014-6569", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html" + }, + { + "name": "openssh-cve20142532-sec-bypass(91986)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91986" + }, + { + "name": "MDVSA-2014:068", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068" + }, + { + "name": "66355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66355" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2550.json b/2014/2xxx/CVE-2014-2550.json index 2d20ca2ca5f..c328dd7a58d 100644 --- a/2014/2xxx/CVE-2014-2550.json +++ b/2014/2xxx/CVE-2014-2550.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2550", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2550", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.dxw.com/advisories/csrf-in-disable-comments-1-0-3/", - "refsource" : "MISC", - "url" : "https://security.dxw.com/advisories/csrf-in-disable-comments-1-0-3/" - }, - { - "name" : "https://wordpress.org/plugins/disable-comments/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/disable-comments/#developers" - }, - { - "name" : "disable-comments-wordpress-csrf(92219)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "disable-comments-wordpress-csrf(92219)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92219" + }, + { + "name": "https://security.dxw.com/advisories/csrf-in-disable-comments-1-0-3/", + "refsource": "MISC", + "url": "https://security.dxw.com/advisories/csrf-in-disable-comments-1-0-3/" + }, + { + "name": "https://wordpress.org/plugins/disable-comments/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/disable-comments/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2633.json b/2014/2xxx/CVE-2014-2633.json index d7ec1956176..90e1860c519 100644 --- a/2014/2xxx/CVE-2014-2633.json +++ b/2014/2xxx/CVE-2014-2633.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-2633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU03079", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127" - }, - { - "name" : "SSRT101654", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127" - }, - { - "name" : "69376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69376" - }, - { - "name" : "1030756", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030756" - }, - { - "name" : "60028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60028" - }, - { - "name" : "60714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60714" - }, - { - "name" : "hp-service-cve20142633-csrf(95449)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69376" + }, + { + "name": "1030756", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030756" + }, + { + "name": "hp-service-cve20142633-csrf(95449)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95449" + }, + { + "name": "60028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60028" + }, + { + "name": "60714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60714" + }, + { + "name": "SSRT101654", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127" + }, + { + "name": "HPSBMU03079", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04388127" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2980.json b/2014/2xxx/CVE-2014-2980.json index c59d0eba195..9c55e51d756 100644 --- a/2014/2xxx/CVE-2014-2980.json +++ b/2014/2xxx/CVE-2014-2980.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140419 CVE request / advisory: gdomap (GNUstep core package <= 1.24.6)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q2/143" - }, - { - "name" : "[oss-security] 20140421 Re: CVE request / advisory: gdomap (GNUstep core package <= 1.24.6)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q2/152" - }, - { - "name" : "http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&r2=37755&pathrev=37756", - "refsource" : "CONFIRM", - "url" : "http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&r2=37755&pathrev=37756" - }, - { - "name" : "http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&r2=37755&pathrev=37756", - "refsource" : "CONFIRM", - "url" : "http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&r2=37755&pathrev=37756" - }, - { - "name" : "https://savannah.gnu.org/bugs/?41751", - "refsource" : "CONFIRM", - "url" : "https://savannah.gnu.org/bugs/?41751" - }, - { - "name" : "66992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66992" - }, - { - "name" : "58104", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58104" - }, - { - "name" : "gnustep-cve20142980-dos(92688)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92688" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gnustep-cve20142980-dos(92688)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92688" + }, + { + "name": "https://savannah.gnu.org/bugs/?41751", + "refsource": "CONFIRM", + "url": "https://savannah.gnu.org/bugs/?41751" + }, + { + "name": "http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&r2=37755&pathrev=37756", + "refsource": "CONFIRM", + "url": "http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&r2=37755&pathrev=37756" + }, + { + "name": "66992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66992" + }, + { + "name": "http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&r2=37755&pathrev=37756", + "refsource": "CONFIRM", + "url": "http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&r2=37755&pathrev=37756" + }, + { + "name": "[oss-security] 20140421 Re: CVE request / advisory: gdomap (GNUstep core package <= 1.24.6)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q2/152" + }, + { + "name": "[oss-security] 20140419 CVE request / advisory: gdomap (GNUstep core package <= 1.24.6)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q2/143" + }, + { + "name": "58104", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58104" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6856.json b/2014/6xxx/CVE-2014-6856.json index 55eb29a8bdd..8343dbb15c1 100644 --- a/2014/6xxx/CVE-2014-6856.json +++ b/2014/6xxx/CVE-2014-6856.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AHRAH (aka com.vet2pet.aid219426) application 219426 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#777769", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/777769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AHRAH (aka com.vet2pet.aid219426) application 219426 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#777769", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/777769" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7499.json b/2014/7xxx/CVE-2014-7499.json index abadf6990eb..1cd9f570fbf 100644 --- a/2014/7xxx/CVE-2014-7499.json +++ b/2014/7xxx/CVE-2014-7499.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sword (aka com.ireadercity.c25) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#256545", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/256545" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sword (aka com.ireadercity.c25) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#256545", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/256545" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0089.json b/2017/0xxx/CVE-2017-0089.json index 606391580fe..82e159b7e8a 100644 --- a/2017/0xxx/CVE-2017-0089.json +++ b/2017/0xxx/CVE-2017-0089.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Uniscribe", - "version" : { - "version_data" : [ - { - "version_value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Uniscribe Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0090." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Uniscribe", + "version": { + "version_data": [ + { + "version_value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41652", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41652/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0089", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0089" - }, - { - "name" : "96606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96606" - }, - { - "name" : "1037992", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Uniscribe Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0090." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96606" + }, + { + "name": "41652", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41652/" + }, + { + "name": "1037992", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037992" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0089", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0089" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0309.json b/2017/0xxx/CVE-2017-0309.json index 02b51e091e8..5a2e84750f1 100644 --- a/2017/0xxx/CVE-2017-0309.json +++ b/2017/0xxx/CVE-2017-0309.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2017-0309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service and possible Escalation of Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2017-0309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service and possible Escalation of Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0682.json b/2017/0xxx/CVE-2017-0682.json index 39d35f832aa..08e86bc0ba8 100644 --- a/2017/0xxx/CVE-2017-0682.json +++ b/2017/0xxx/CVE-2017-0682.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-07-05T00:00:00", - "ID" : "CVE-2017-0682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36588422." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-07-05T00:00:00", + "ID": "CVE-2017-0682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36588422." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99478" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000150.json b/2017/1000xxx/CVE-2017-1000150.json index 0f2ea48efa1..6fc29152438 100644 --- a/2017/1000xxx/CVE-2017-1000150.json +++ b/2017/1000xxx/CVE-2017-1000150.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.361497", - "ID" : "CVE-2017-1000150", - "REQUESTER" : "info@mahara.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mahara", - "version" : { - "version_data" : [ - { - "version_value" : "<15.04.7, <15.10.3" - } - ] - } - } - ] - }, - "vendor_name" : "Mahara" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Sessions" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.361497", + "ID": "CVE-2017-1000150", + "REQUESTER": "info@mahara.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/mahara/+bug/1567784", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/mahara/+bug/1567784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/mahara/+bug/1567784", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/mahara/+bug/1567784" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000443.json b/2017/1000xxx/CVE-2017-1000443.json index 1d3a461beb7..24a412d0d3a 100644 --- a/2017/1000xxx/CVE-2017-1000443.json +++ b/2017/1000xxx/CVE-2017-1000443.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000443", - "REQUESTER" : "boothf@boothlabs.me", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Openhacker", - "version" : { - "version_data" : [ - { - "version_value" : "0.1.47" - } - ] - } - } - ] - }, - "vendor_name" : "Eleix (Francis Booth)" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000443", + "REQUESTER": "boothf@boothlabs.me", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Eleix/openhacker/commit/9da5c237ba5e2311f01edc83389bc5aaf0a9885c", - "refsource" : "CONFIRM", - "url" : "https://github.com/Eleix/openhacker/commit/9da5c237ba5e2311f01edc83389bc5aaf0a9885c" - }, - { - "name" : "https://github.com/Eleix/openhacker/issues/5", - "refsource" : "CONFIRM", - "url" : "https://github.com/Eleix/openhacker/issues/5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Eleix/openhacker/issues/5", + "refsource": "CONFIRM", + "url": "https://github.com/Eleix/openhacker/issues/5" + }, + { + "name": "https://github.com/Eleix/openhacker/commit/9da5c237ba5e2311f01edc83389bc5aaf0a9885c", + "refsource": "CONFIRM", + "url": "https://github.com/Eleix/openhacker/commit/9da5c237ba5e2311f01edc83389bc5aaf0a9885c" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18084.json b/2017/18xxx/CVE-2017-18084.json index a744e85de94..195eeafec31 100644 --- a/2017/18xxx/CVE-2017-18084.json +++ b/2017/18xxx/CVE-2017-18084.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-02-02T00:00:00", - "ID" : "CVE-2017-18084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Confluence", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 6.3.4" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-02-02T00:00:00", + "ID": "CVE-2017-18084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Confluence", + "version": { + "version_data": [ + { + "version_value": "prior to 6.3.4" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CONFSERVER-54904", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/CONFSERVER-54904" - }, - { - "name" : "103064", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/CONFSERVER-54904", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/CONFSERVER-54904" + }, + { + "name": "103064", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103064" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18286.json b/2017/18xxx/CVE-2017-18286.json index 8e1db3dbbf1..cbaba1f88f2 100644 --- a/2017/18xxx/CVE-2017-18286.json +++ b/2017/18xxx/CVE-2017-18286.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nZEDb v0.7.3.3 has XSS in the 404 error page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/143725/nZEDb-0.7.3.3-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/143725/nZEDb-0.7.3.3-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nZEDb v0.7.3.3 has XSS in the 404 error page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/143725/nZEDb-0.7.3.3-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/143725/nZEDb-0.7.3.3-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1185.json b/2017/1xxx/CVE-2017-1185.json index 290bee451d0..8912bece9d1 100644 --- a/2017/1xxx/CVE-2017-1185.json +++ b/2017/1xxx/CVE-2017-1185.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1185", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1185", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1195.json b/2017/1xxx/CVE-2017-1195.json index d5660976724..e5e1b7f9feb 100644 --- a/2017/1xxx/CVE-2017-1195.json +++ b/2017/1xxx/CVE-2017-1195.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-23T00:00:00", - "ID" : "CVE-2017-1195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cram Social Program Management", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.1.0" - }, - { - "version_value" : "6.1.1" - }, - { - "version_value" : "6.2.0" - }, - { - "version_value" : "7.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-23T00:00:00", + "ID": "CVE-2017-1195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cram Social Program Management", + "version": { + "version_data": [ + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.1.0" + }, + { + "version_value": "6.1.1" + }, + { + "version_value": "6.2.0" + }, + { + "version_value": "7.0.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22007160", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22007160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22007160", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22007160" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1231.json b/2017/1xxx/CVE-2017-1231.json index abf81d803e2..6f3313bca5d 100644 --- a/2017/1xxx/CVE-2017-1231.json +++ b/2017/1xxx/CVE-2017-1231.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-10-02T00:00:00", - "ID" : "CVE-2017-1231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigFix Platform", - "version" : { - "version_data" : [ - { - "version_value" : "9.5" - }, - { - "version_value" : "9.5.1" - }, - { - "version_value" : "9.5.2" - }, - { - "version_value" : "9.5.3" - }, - { - "version_value" : "9.5.4" - }, - { - "version_value" : "9.5.5" - }, - { - "version_value" : "9.5.6" - }, - { - "version_value" : "9.5.7" - }, - { - "version_value" : "9.5.8" - }, - { - "version_value" : "9.5.9" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "L", - "C" : "H", - "I" : "N", - "PR" : "H", - "S" : "U", - "SCORE" : "4.400", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-10-02T00:00:00", + "ID": "CVE-2017-1231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigFix Platform", + "version": { + "version_data": [ + { + "version_value": "9.5" + }, + { + "version_value": "9.5.1" + }, + { + "version_value": "9.5.2" + }, + { + "version_value": "9.5.3" + }, + { + "version_value": "9.5.4" + }, + { + "version_value": "9.5.5" + }, + { + "version_value": "9.5.6" + }, + { + "version_value": "9.5.7" + }, + { + "version_value": "9.5.8" + }, + { + "version_value": "9.5.9" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10724511", - "refsource" : "CONFIRM", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10724511" - }, - { - "name" : "ibm-bigfix-cve20171231-info-disc(123910)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "L", + "C": "H", + "I": "N", + "PR": "H", + "S": "U", + "SCORE": "4.400", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-bigfix-cve20171231-info-disc(123910)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123910" + }, + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10724511", + "refsource": "CONFIRM", + "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10724511" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4585.json b/2017/4xxx/CVE-2017-4585.json index c04dd7c2e68..f54ff4945c0 100644 --- a/2017/4xxx/CVE-2017-4585.json +++ b/2017/4xxx/CVE-2017-4585.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4585", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4585", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4811.json b/2017/4xxx/CVE-2017-4811.json index 9d9b39a2097..7460d5d3795 100644 --- a/2017/4xxx/CVE-2017-4811.json +++ b/2017/4xxx/CVE-2017-4811.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4811", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4811", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4899.json b/2017/4xxx/CVE-2017-4899.json index bb648e5c8b0..e53c8a42123 100644 --- a/2017/4xxx/CVE-2017-4899.json +++ b/2017/4xxx/CVE-2017-4899.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "ID" : "CVE-2017-4899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Workstation Pro/Player", - "version" : { - "version_data" : [ - { - "version_value" : "12.x prior to version 12.5.3" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "ID": "CVE-2017-4899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Workstation Pro/Player", + "version": { + "version_data": [ + { + "version_value": "12.x prior to version 12.5.3" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2017-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2017-0003.html" - }, - { - "name" : "96771", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96771" - }, - { - "name" : "1037979", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96771", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96771" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html" + }, + { + "name": "1037979", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037979" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5393.json b/2017/5xxx/CVE-2017-5393.json index d8ed2830be7..cbe1ea63e0a 100644 --- a/2017/5xxx/CVE-2017-5393.json +++ b/2017/5xxx/CVE-2017-5393.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "51" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"mozAddonManager\" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remove addons.mozilla.org CDN from whitelist for mozAddonManager" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "51" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1309282", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1309282" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-01/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-01/" - }, - { - "name" : "95763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95763" - }, - { - "name" : "1037693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"mozAddonManager\" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remove addons.mozilla.org CDN from whitelist for mozAddonManager" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1309282", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1309282" + }, + { + "name": "1037693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037693" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-01/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/" + }, + { + "name": "95763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95763" + } + ] + } +} \ No newline at end of file