diff --git a/2006/0xxx/CVE-2006-0002.json b/2006/0xxx/CVE-2006-0002.json
index 851a8c4099e..90a5aa71629 100644
--- a/2006/0xxx/CVE-2006-0002.json
+++ b/2006/0xxx/CVE-2006-0002.json
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-0002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060110 Microsoft Outlook Critical Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421520/100/0/threaded" - }, - { - "name" : "20060110 Microsoft Exchange Critical Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/421518/100/0/threaded" - }, - { - "name" : "MS06-003", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-003" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm", - "refsource" : "CONFIRM", - "url" : 
"http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm" - }, - { - "name" : "TA06-010A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-010A.html" - }, - { - "name" : "VU#252146", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/252146" - }, - { - "name" : "16197", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16197" - }, - { - "name" : "ADV-2006-0119", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0119" - }, - { - "name" : "oval:org.mitre.oval:def:1082", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1082" - }, - { - "name" : "oval:org.mitre.oval:def:1165", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1165" - }, - { - "name" : "oval:org.mitre.oval:def:1316", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1316" - }, - { - "name" : "oval:org.mitre.oval:def:1456", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1456" - }, - { - "name" : "oval:org.mitre.oval:def:1485", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1485" - }, - { - "name" : "oval:org.mitre.oval:def:624", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A624" - }, - { - "name" : "1015461", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015461" - }, - { - "name" : "1015460", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015460" - }, - { - "name" : "18368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18368" - }, - { - "name" : "330", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/330" - }, - { - "name" : "331", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/331" - }, - { - "name" : "win-tnef-overflow(22878)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:1082", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1082" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm" + }, + { + "name": "oval:org.mitre.oval:def:1165", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1165" + }, + { + "name": "1015460", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015460" + }, + { + "name": "20060110 Microsoft Outlook Critical Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421520/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:624", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A624" + }, + { + "name": "win-tnef-overflow(22878)", + 
"refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22878" + }, + { + "name": "331", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/331" + }, + { + "name": "oval:org.mitre.oval:def:1485", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1485" + }, + { + "name": "oval:org.mitre.oval:def:1316", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1316" + }, + { + "name": "ADV-2006-0119", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0119" + }, + { + "name": "MS06-003", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-003" + }, + { + "name": "oval:org.mitre.oval:def:1456", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1456" + }, + { + "name": "330", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/330" + }, + { + "name": "16197", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16197" + }, + { + "name": "20060110 Microsoft Exchange Critical Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/421518/100/0/threaded" + }, + { + "name": "18368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18368" + }, + { + "name": "VU#252146", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/252146" + }, + { + "name": "TA06-010A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-010A.html" + }, + { + "name": "1015461", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015461" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0049.json b/2006/0xxx/CVE-2006-0049.json index 7bff3386fb4..ceee6b0e4a2 100644 --- a/2006/0xxx/CVE-2006-0049.json 
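Review bot: The only semantic edit in this hunk, `"ASSIGNER"` going from `cve@mitre.org` to `secure@microsoft.com`, is buried in a whole-file rewrite of key spacing and indentation plus a reshuffle of `reference_data`, so the provenance change is hard to audit. The CVE-2006-0049 hunk has the same problem (`"ASSIGNER": "security@debian.org"`), while the other files visible here appear to change only formatting and reference order. Landing the assigner change separately from the reformat would let a reviewer check it against the CNA of record. The new `reference_data` order does not look sorted by `refsource` or `name`; if the generator's order is not stable, each regeneration will produce similar churn, so emitting the array in a deterministic order would keep later diffs limited to real changes. The rewritten files also end with `\ No newline at end of file`, so keeping the trailing newline would avoid one more spurious difference.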
+++ b/2006/0xxx/CVE-2006-0049.json 
@@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-0049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060309 GnuPG does not detect injection of unsigned data", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/427324/100/0/threaded" - }, - { - "name" : "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data", - "refsource" : "MLIST", - "url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html" - }, - { - "name" : "DSA-993", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-993" - }, - { - "name" : "FEDORA-2006-147", - "refsource" : "FEDORA", - "url" : 
"http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html" - }, - { - "name" : "FLSA-2006:185355", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/433931/100/0/threaded" - }, - { - "name" : "GLSA-200603-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml" - }, - { - "name" : "MDKSA-2006:055", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055" - }, - { - "name" : "RHSA-2006:0266", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0266.html" - }, - { - "name" : "20060401-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" - }, - { - "name" : "SSA:2006-072-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477" - }, - { - "name" : "SUSE-SA:2006:014", - "refsource" : "SUSE", - "url" : "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html" - }, - { - "name" : "2006-0014", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0014" - }, - { - "name" : "USN-264-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/264-1/" - }, - { - "name" : "17058", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17058" - }, - { - "name" : "oval:org.mitre.oval:def:10063", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063" - }, - { - "name" : "ADV-2006-0915", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0915" - }, - { - "name" : "23790", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23790" - }, - { - "name" : "1015749", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015749" - }, - { - "name" : "19173", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/19173" - }, - { - "name" : "19203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19203" - }, - { - "name" : "19244", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19244" - }, - { - "name" : "19231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19231" - }, - { - "name" : "19249", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19249" - }, - { - "name" : "19287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19287" - }, - { - "name" : "19197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19197" - }, - { - "name" : "19232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19232" - }, - { - "name" : "19234", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19234" - }, - { - "name" : "19532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19532" - }, - { - "name" : "450", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/450" - }, - { - "name" : "568", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/568" - }, - { - "name" : "gnupg-nondetached-sig-verification(25184)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-264-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/264-1/" + }, + { + "name": "19249", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19249" + }, + { + "name": "ADV-2006-0915", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0915" + }, + { + "name": "RHSA-2006:0266", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0266.html" + }, + { + "name": "20060401-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" + }, + { + "name": "[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data", + "refsource": "MLIST", + "url": "http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html" + }, + { + "name": "450", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/450" + }, + { + "name": "19232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19232" + }, + { + "name": "23790", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23790" + }, + { + "name": "SSA:2006-072-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477" + }, + { + "name": "19173", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19173" + }, + { + "name": "FLSA-2006:185355", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/433931/100/0/threaded" + }, + { + "name": "17058", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17058" + }, + { + "name": "568", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/568" + }, + { + "name": "oval:org.mitre.oval:def:10063", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10063" + }, + { + "name": "19287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19287" + }, + { + "name": "2006-0014", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0014" + }, + { + "name": "1015749", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015749" + }, + { + "name": "19532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19532" + }, + { + "name": "SUSE-SA:2006:014", + "refsource": "SUSE", + "url": "http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html" + }, + { + "name": "GLSA-200603-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml" + }, + { + "name": "gnupg-nondetached-sig-verification(25184)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25184" + }, + { + "name": "19234", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19234" + }, + { + "name": "FEDORA-2006-147", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html" + }, + { + "name": "19197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19197" + }, + { + "name": "19244", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19244" + }, + { + "name": "19203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19203" + }, + { + "name": "MDKSA-2006:055", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:055" + }, + { + "name": "20060309 GnuPG does not detect injection of unsigned data", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/427324/100/0/threaded" + }, + { + "name": "19231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19231" + }, + { + "name": "DSA-993", + "refsource": "DEBIAN", + "url": 
"http://www.debian.org/security/2006/dsa-993" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0316.json b/2006/0xxx/CVE-2006-0316.json index 25508d150bd..545cf78184b 100644 --- a/2006/0xxx/CVE-2006-0316.json +++ b/2006/0xxx/CVE-2006-0316.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news", - "refsource" : "MISC", - "url" : "http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MIMG-6KRSQP", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MIMG-6KRSQP" - }, - { - "name" : "VU#715730", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/715730" - }, - { - "name" : "16262", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16262" - }, - { - "name" : "ADV-2006-0221", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0221" - }, - { - "name" : 
"22486", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22486" - }, - { - "name" : "1015494", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015494" - }, - { - "name" : "18521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18521" - }, - { - "name" : "aol-youvegotpictures-activex-bo(24160)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0221", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0221" + }, + { + "name": "22486", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22486" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MIMG-6KRSQP", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MIMG-6KRSQP" + }, + { + "name": "18521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18521" + }, + { + "name": "http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news", + "refsource": "MISC", + "url": "http://news.com.com/2061-10789_3-6027865.html?part=rss&tag=6027865&subj=news" + }, + { + "name": "16262", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16262" + }, + { + "name": "aol-youvegotpictures-activex-bo(24160)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24160" + }, + { + "name": "1015494", + "refsource": "SECTRACK", + 
"url": "http://securitytracker.com/id?1015494" + }, + { + "name": "VU#715730", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/715730" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3063.json b/2006/3xxx/CVE-2006-3063.json index 5115b0bef66..d64ac58419e 100644 --- a/2006/3xxx/CVE-2006-3063.json +++ b/2006/3xxx/CVE-2006-3063.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.networkarea.ch/forum/topic.php?id=4&s=9106beea248ecd1a552439168ada227e", - "refsource" : "CONFIRM", - "url" : "http://www.networkarea.ch/forum/topic.php?id=4&s=9106beea248ecd1a552439168ada227e" - }, - { - "name" : "18582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18582" - }, - { - "name" : "ADV-2006-2480", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2480" - }, - { - "name" : "20764", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20764" - }, - { - "name" : "myphp-guestbook-multiple-scripts-xss(27293)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.networkarea.ch/forum/topic.php?id=4&s=9106beea248ecd1a552439168ada227e", + "refsource": "CONFIRM", + "url": "http://www.networkarea.ch/forum/topic.php?id=4&s=9106beea248ecd1a552439168ada227e" + }, + { + "name": "20764", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20764" + }, + { + "name": "18582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18582" + }, + { + "name": "myphp-guestbook-multiple-scripts-xss(27293)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27293" + }, + { + "name": "ADV-2006-2480", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2480" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3379.json b/2006/3xxx/CVE-2006-3379.json index 5900d70bfeb..d63dd1dd326 100644 --- a/2006/3xxx/CVE-2006-3379.json +++ b/2006/3xxx/CVE-2006-3379.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hikiwiki.org/en/advisory20060703.html", - "refsource" : "CONFIRM", - "url" : "http://hikiwiki.org/en/advisory20060703.html" - }, - { - "name" : "DSA-1119", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1119" - }, - { - "name" : "JVN#98836916", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2398836916/index.html" - }, - { - "name" : "18785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18785" - }, - { - "name" : "ADV-2006-2643", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2643" - }, - { - "name" : "26970", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26970" - 
}, - { - "name" : "20741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20741" - }, - { - "name" : "21150", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21150" - }, - { - "name" : "hiki-diff-dos(27507)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18785" + }, + { + "name": "26970", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26970" + }, + { + "name": "21150", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21150" + }, + { + "name": "DSA-1119", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1119" + }, + { + "name": "ADV-2006-2643", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2643" + }, + { + "name": "JVN#98836916", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2398836916/index.html" + }, + { + "name": "http://hikiwiki.org/en/advisory20060703.html", + "refsource": "CONFIRM", + "url": "http://hikiwiki.org/en/advisory20060703.html" + }, + { + "name": "20741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20741" + }, + { + "name": "hiki-diff-dos(27507)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27507" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/3xxx/CVE-2006-3731.json b/2006/3xxx/CVE-2006-3731.json
index 9d3af7e4897..43b363c6c3a 100644
--- a/2006/3xxx/CVE-2006-3731.json
+++ b/2006/3xxx/CVE-2006-3731.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related to the LiveHTTPHeaders extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060711 crashing firefox <= 1.5.0.4", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440119/100/100/threaded" - }, - { - "name" : "20060715 Re: crashing firefox <= 1.5.0.4", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440506/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a 
user-uploaded file. NOTE: a third party has claimed that this issue might be related to the LiveHTTPHeaders extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060711 crashing firefox <= 1.5.0.4", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440119/100/100/threaded" + }, + { + "name": "20060715 Re: crashing firefox <= 1.5.0.4", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440506/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3980.json b/2006/3xxx/CVE-2006-3980.json index 428a6590d17..e0eb1927ef5 100644 --- a/2006/3xxx/CVE-2006-3980.json +++ b/2006/3xxx/CVE-2006-3980.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060728 Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441533/100/0/threaded" - }, - { - "name" : "2084", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2084" - }, - { - "name" : "19224", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19224" - }, - { - "name" : "ADV-2006-3054", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3054" - }, - { - "name" : "27650", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27650" - }, - { - "name" : "21268", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/21268" - }, - { - "name" : "1322", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1322" - }, - { - "name" : "mgm-helpmgm-file-include(28072)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27650", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27650" + }, + { + "name": "19224", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19224" + }, + { + "name": "2084", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2084" + }, + { + "name": "mgm-helpmgm-file-include(28072)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28072" + }, + { + "name": "1322", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1322" + }, + { + "name": "ADV-2006-3054", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3054" + }, + { + "name": "20060728 Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441533/100/0/threaded" + }, + { + "name": "21268", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21268" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/4xxx/CVE-2006-4366.json b/2006/4xxx/CVE-2006-4366.json index 16cdf738358..f18b94b0cef 100644 --- a/2006/4xxx/CVE-2006-4366.json +++ b/2006/4xxx/CVE-2006-4366.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/19658-rfi.html", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/19658-rfi.html" - }, - { - "name" : "19658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19658" - }, - { - "name" : "30311", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute 
arbitrary PHP code via a URL in the root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19658" + }, + { + "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/19658-rfi.html", + "refsource": "MISC", + "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/19658-rfi.html" + }, + { + "name": "30311", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30311" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4626.json b/2006/4xxx/CVE-2006-4626.json index b96ca21fdc3..407c07abe0e 100644 --- a/2006/4xxx/CVE-2006-4626.json +++ b/2006/4xxx/CVE-2006-4626.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hustlelabs.com/advisories/04072006_alwil.pdf", - "refsource" : "MISC", - "url" : "http://www.hustlelabs.com/advisories/04072006_alwil.pdf" - }, - { - "name" : "19903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19903" - }, - { - "name" : "ADV-2006-3515", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3515" - }, - { - "name" : "21794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer 
overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hustlelabs.com/advisories/04072006_alwil.pdf", + "refsource": "MISC", + "url": "http://www.hustlelabs.com/advisories/04072006_alwil.pdf" + }, + { + "name": "19903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19903" + }, + { + "name": "ADV-2006-3515", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3515" + }, + { + "name": "21794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21794" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6737.json b/2006/6xxx/CVE-2006-6737.json index 953747af33c..429601d3fc1 100644 --- a/2006/6xxx/CVE-2006-6737.json +++ b/2006/6xxx/CVE-2006-6737.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to \"access data in other applets,\" aka \"The first issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" - }, - { - "name" : "GLSA-200701-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200701-15.xml" - }, - { - "name" : 
"GLSA-200702-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200702-08.xml" - }, - { - "name" : "GLSA-200705-20", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml" - }, - { - "name" : "RHSA-2007:0062", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0062.html" - }, - { - "name" : "RHSA-2007:0072", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0072.html" - }, - { - "name" : "RHSA-2007:0073", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0073.html" - }, - { - "name" : "102732", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1" - }, - { - "name" : "SUSE-SA:2007:003", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html" - }, - { - "name" : "SUSE-SA:2007:010", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html" - }, - { - "name" : "SUSE-SA:2007:045", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_45_java.html" - }, - { - "name" : "21674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21674" - }, - { - "name" : "oval:org.mitre.oval:def:11087", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11087" - }, - { - "name" : "ADV-2006-5075", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5075" - }, - { - "name" : "1017427", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017427" - }, - { - "name" : "23398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23398" - }, - { - "name" : "23650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23650" - }, - { - "name" : "23835", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/23835" - }, - { - "name" : "24099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24099" - }, - { - "name" : "24189", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24189" - }, - { - "name" : "25404", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25404" - }, - { - "name" : "26049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26049" - }, - { - "name" : "26119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to \"access data in other applets,\" aka \"The first issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26049", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26049" + }, + { + "name": "RHSA-2007:0062", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0062.html" + }, + { + "name": "oval:org.mitre.oval:def:11087", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11087" + }, + { + "name": "24099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24099" + }, + { + "name": "25404", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25404" + }, + { + "name": "1017427", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017427" + }, + { + "name": "24189", 
+ "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24189" + }, + { + "name": "ADV-2006-5075", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5075" + }, + { + "name": "SUSE-SA:2007:045", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_45_java.html" + }, + { + "name": "SUSE-SA:2007:003", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html" + }, + { + "name": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html" + }, + { + "name": "SUSE-SA:2007:010", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html" + }, + { + "name": "26119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26119" + }, + { + "name": "RHSA-2007:0072", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0072.html" + }, + { + "name": "21674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21674" + }, + { + "name": "23650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23650" + }, + { + "name": "23835", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23835" + }, + { + "name": "RHSA-2007:0073", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0073.html" + }, + { + "name": "GLSA-200705-20", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml" + }, + { + "name": "GLSA-200702-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200702-08.xml" + }, + { + "name": "23398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23398" + }, + { + "name": "http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html", + "refsource": "CONFIRM", + "url": 
"http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html" + }, + { + "name": "102732", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1" + }, + { + "name": "GLSA-200701-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200701-15.xml" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6989.json b/2006/6xxx/CVE-2006-6989.json index 8903a125ffc..a2d484589cb 100644 --- a/2006/6xxx/CVE-2006-6989.json +++ b/2006/6xxx/CVE-2006-6989.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other 
domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7135.json b/2006/7xxx/CVE-2006-7135.json index e258f89d29a..9223e3a3e39 100644 --- a/2006/7xxx/CVE-2006-7135.json +++ b/2006/7xxx/CVE-2006-7135.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "15510", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15510" - }, - { - "name" : "phppc-functions-file-include(29393)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a 
URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15510", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15510" + }, + { + "name": "phppc-functions-file-include(29393)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29393" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2585.json b/2010/2xxx/CVE-2010-2585.json index 93492e99a46..3f1de65f853 100644 --- a/2010/2xxx/CVE-2010-2585.json +++ b/2010/2xxx/CVE-2010-2585.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls allow remote attackers to execute arbitrary code via a long (1) DestURL or (2) SourceFile property value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-2585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2010-119/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-119/" - }, - { - "name" : "44302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44302" - }, - { - "name" : "68814", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/68814" - }, - { - "name" : "41392", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the RealPage Module Upload ActiveX control 
in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls allow remote attackers to execute arbitrary code via a long (1) DestURL or (2) SourceFile property value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41392", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41392" + }, + { + "name": "68814", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/68814" + }, + { + "name": "44302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44302" + }, + { + "name": "http://secunia.com/secunia_research/2010-119/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-119/" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2694.json b/2010/2xxx/CVE-2010-2694.json index 2a440c8213d..409ef17b07b 100644 --- a/2010/2xxx/CVE-2010-2694.json +++ b/2010/2xxx/CVE-2010-2694.json 
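Review bot: The `ASSIGNER` change from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com` in the CVE-2010-2585 record is the only value that differs in this hunk, and it is easy to miss because every other line is rewritten as well. The rest of the churn is the spacing before colons and a reordering of the same four `reference_data` entries, so anyone tracking record provenance should compare the parsed JSON rather than the text, and the assigner change would be clearer in a commit of its own. The new side also ends with `\ No newline at end of file`; a trailing newline is the usual convention for files under version control. The other complete hunks in view (CVE-2006-3731 through CVE-2006-7135, and CVE-2010-2694) show the same formatting-only rewrite with `ASSIGNER` left at `cve@mitre.org`.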
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14312", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14312" - }, - { - "name" : "41533", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41533" - }, - { - "name" : "40535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40535" - }, - { - "name" : "ADV-2010-1776", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! 
allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40535" + }, + { + "name": "ADV-2010-1776", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1776" + }, + { + "name": "41533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41533" + }, + { + "name": "14312", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14312" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2746.json b/2010/2xxx/CVE-2010-2746.json index 199425db123..8b09cc31c5c 100644 --- a/2010/2xxx/CVE-2010-2746.json +++ b/2010/2xxx/CVE-2010-2746.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka \"Comctl32 Heap Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-081", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-081" - }, - { - "name" : "TA10-285A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7272", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7272" - }, - { - "name" : "1024549", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id?1024549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka \"Comctl32 Heap Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024549", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024549" + }, + { + "name": "oval:org.mitre.oval:def:7272", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7272" + }, + { + "name": "TA10-285A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" + }, + { + "name": "MS10-081", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-081" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2812.json b/2010/2xxx/CVE-2010-2812.json index 5f52485a5db..80a0c054faa 100644 --- a/2010/2xxx/CVE-2010-2812.json +++ b/2010/2xxx/CVE-2010-2812.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100809 CVE Request - ZNC", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128146352011964&w=2" - }, - { - "name" : "[oss-security] 20100809 Re: CVE Request - ZNC", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128146120727810&w=2" - }, - { - "name" : "[oss-security] 20100810 Re: Re: CVE Request - ZNC", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128152390219401&w=2" - }, - { - "name" : "http://znc.svn.sourceforge.net/viewvc/znc/trunk/Client.cpp?r1=2093&r2=2092&pathrev=2093", - "refsource" : "CONFIRM", - "url" : "http://znc.svn.sourceforge.net/viewvc/znc/trunk/Client.cpp?r1=2093&r2=2092&pathrev=2093" - }, - { - "name" : 
"http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093", - "refsource" : "CONFIRM", - "url" : "http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=622600", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=622600" - }, - { - "name" : "FEDORA-2010-12468", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045386.html" - }, - { - "name" : "FEDORA-2010-12481", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045385.html" - }, - { - "name" : "42314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42314" - }, - { - "name" : "40919", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40919" - }, - { - "name" : "40970", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40970" - }, - { - "name" : "ADV-2010-2071", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2071", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2071" + }, + { + "name": "40919", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40919" + }, + { + "name": "FEDORA-2010-12481", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045385.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=622600", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622600" + }, + { + "name": "42314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42314" + }, + { + "name": "[oss-security] 20100810 Re: Re: CVE Request - ZNC", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128152390219401&w=2" + }, + { + "name": "http://znc.svn.sourceforge.net/viewvc/znc/trunk/Client.cpp?r1=2093&r2=2092&pathrev=2093", + "refsource": "CONFIRM", + "url": "http://znc.svn.sourceforge.net/viewvc/znc/trunk/Client.cpp?r1=2093&r2=2092&pathrev=2093" + }, + { + "name": "[oss-security] 20100809 CVE Request - ZNC", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128146352011964&w=2" + }, + { + "name": "[oss-security] 20100809 Re: CVE Request - ZNC", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128146120727810&w=2" + }, + { + "name": "FEDORA-2010-12468", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045386.html" + }, + { + "name": "40970", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40970" + }, + { + "name": "http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093", + "refsource": "CONFIRM", + "url": "http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093" + } + ] + } +} \ 
No newline at end of file diff --git a/2010/3xxx/CVE-2010-3493.json b/2010/3xxx/CVE-2010-3493.json index 0b783a6ee07..04aba3272b1 100644 --- a/2010/3xxx/CVE-2010-3493.json +++ b/2010/3xxx/CVE-2010-3493.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken => more subcases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/09/6" - }, - { - "name" : "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/11/2" - }, - { - "name" : "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/22/3" - }, - { - "name" : "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/09/24/3" - }, - { - "name" : "http://bugs.python.org/issue6706", - "refsource" : "MISC", - "url" : "http://bugs.python.org/issue6706" - }, - { - "name" : "https://bugs.launchpad.net/zodb/+bug/135108", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/zodb/+bug/135108" - }, - { - "name" : "http://bugs.python.org/issue9129", - "refsource" : "CONFIRM", - "url" : "http://bugs.python.org/issue9129" - }, - { - "name" : "http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289", - "refsource" : "CONFIRM", - "url" : 
"http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289" - }, - { - "name" : "http://svn.python.org/view?view=rev&revision=84289", - "refsource" : "CONFIRM", - "url" : "http://svn.python.org/view?view=rev&revision=84289" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=632200", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=632200" - }, - { - "name" : "MDVSA-2010:216", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216" - }, - { - "name" : "MDVSA-2010:215", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215" - }, - { - "name" : "SUSE-SR:2010:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "USN-1596-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1596-1" - }, - { - "name" : "USN-1613-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1613-2" - }, - { - "name" : "USN-1613-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1613-1" - }, - { - "name" : "44533", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44533" - }, - { - "name" : "oval:org.mitre.oval:def:12210", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "50858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50858" - }, - { - "name" : "51024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51024" - }, - { - "name" : "51040", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/51040" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289", + "refsource": "CONFIRM", + "url": "http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289" + }, + { + "name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/11/2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=632200", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=632200" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "https://bugs.launchpad.net/zodb/+bug/135108", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/zodb/+bug/135108" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + 
}, + { + "name": "51040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51040" + }, + { + "name": "oval:org.mitre.oval:def:12210", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210" + }, + { + "name": "50858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50858" + }, + { + "name": "MDVSA-2010:216", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216" + }, + { + "name": "http://bugs.python.org/issue9129", + "refsource": "CONFIRM", + "url": "http://bugs.python.org/issue9129" + }, + { + "name": "44533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44533" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/24/3" + }, + { + "name": "USN-1596-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1596-1" + }, + { + "name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/22/3" + }, + { + "name": "http://bugs.python.org/issue6706", + "refsource": "MISC", + "url": "http://bugs.python.org/issue6706" + }, + { + "name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken => more subcases", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/09/09/6" + }, + { + "name": "USN-1613-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1613-2" + }, + { + "name": "SUSE-SR:2010:024", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" + }, + { + "name": "http://svn.python.org/view?view=rev&revision=84289", + "refsource": "CONFIRM", + "url": "http://svn.python.org/view?view=rev&revision=84289" + }, + { + "name": "51024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51024" + }, + { + "name": "USN-1613-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1613-1" + }, + { + "name": "MDVSA-2010:215", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3559.json b/2010/3xxx/CVE-2010-3559.json index 36bea4adb8f..90d451c0d16 100644 --- a/2010/3xxx/CVE-2010-3559.json +++ b/2010/3xxx/CVE-2010-3559.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-208/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-208/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100114315", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100114315" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100123193", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100123193" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" - }, - { - "name" : "HPSBUX02608", - "refsource" : "HP", - "url" : 
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "SSRT100333", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2010:0770", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html" - }, - { - "name" : "RHSA-2010:0807", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0807.html" - }, - { - "name" : "RHSA-2010:0873", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0873.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "44026", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/44026" - }, - { - "name" : "oval:org.mitre.oval:def:11880", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11880" - }, - { - "name" : "oval:org.mitre.oval:def:12556", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12556" - }, - { - "name" : "41967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41967" - }, - { - "name" : "42974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via 
unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-208/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-208/" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100114315", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100114315" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "RHSA-2010:0770", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" + }, + { + "name": "SSRT100333", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "oval:org.mitre.oval:def:11880", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11880" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" + }, + { + "name": "44026", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/44026" + }, + { + "name": "RHSA-2010:0873", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html" + }, + { + "name": "oval:org.mitre.oval:def:12556", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12556" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" + }, + { + "name": "42974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42974" + }, + { + "name": "HPSBUX02608", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100123193", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100123193" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" + }, + { + "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" + }, + { + "name": "41967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41967" + }, + { + "name": "RHSA-2010:0807", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0081.json b/2011/0xxx/CVE-2011-0081.json index f1855465a1e..51608ff3f31 100644 --- a/2011/0xxx/CVE-2011-0081.json +++ b/2011/0xxx/CVE-2011-0081.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=645289", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=645289" - }, - { - "name" : "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird", - "refsource" : "CONFIRM", - "url" : "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird" - }, - { - "name" : 
"http://downloads.avaya.com/css/P8/documents/100144158", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100144158" - }, - { - "name" : "DSA-2227", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2227" - }, - { - "name" : "DSA-2228", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2228" - }, - { - "name" : "DSA-2235", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2235" - }, - { - "name" : "MDVSA-2011:080", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" - }, - { - "name" : "MDVSA-2011:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" - }, - { - "name" : "47653", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47653" - }, - { - "name" : "oval:org.mitre.oval:def:13993", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47653", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47653" + }, + { + "name": "DSA-2228", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2228" + }, + { + "name": "MDVSA-2011:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" + }, + { + "name": "oval:org.mitre.oval:def:13993", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13993" + }, + { + "name": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird", + "refsource": "CONFIRM", + "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird" + }, + { + "name": "DSA-2235", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2235" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=645289", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=645289" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html" + }, + { + "name": "MDVSA-2011:080", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" + }, + { + "name": "DSA-2227", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2227" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100144158", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100144158" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0356.json b/2011/0xxx/CVE-2011-0356.json index d404b779f0b..80e689efb42 100644 --- a/2011/0xxx/CVE-2011-0356.json 
+++ b/2011/0xxx/CVE-2011-0356.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0356", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0356", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0460.json b/2011/0xxx/CVE-2011-0460.json index 175fdfa68f4..f1513ba3bef 100644 --- a/2011/0xxx/CVE-2011-0460.json +++ b/2011/0xxx/CVE-2011-0460.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=663898", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=663898" - }, - { - "name" : "openSUSE-SU-2011:0357", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2011-04/msg00053.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2011:0357", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00053.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=663898", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=663898" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1875.json b/2011/1xxx/CVE-2011-1875.json index e7fbadd54b2..cd602cc6cff 100644 --- a/2011/1xxx/CVE-2011-1875.json +++ b/2011/1xxx/CVE-2011-1875.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/css/P8/documents/100144947", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100144947" - }, - { - "name" : "MS11-054", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054" - }, - { - "name" : "TA11-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" - }, - { - "name" : "48589", - "refsource" : "BID", 
- "url" : "http://www.securityfocus.com/bid/48589" - }, - { - "name" : "73785", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73785" - }, - { - "name" : "oval:org.mitre.oval:def:12704", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12704" - }, - { - "name" : "1025761", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025761" - }, - { - "name" : "45186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73785", + "refsource": "OSVDB", + "url": "http://osvdb.org/73785" + }, + { + "name": "oval:org.mitre.oval:def:12704", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12704" + }, + { + "name": "MS11-054", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054" + }, + { + "name": "48589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48589" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100144947", + "refsource": "CONFIRM", + "url": 
"http://support.avaya.com/css/P8/documents/100144947" + }, + { + "name": "TA11-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" + }, + { + "name": "45186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45186" + }, + { + "name": "1025761", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025761" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1952.json b/2011/1xxx/CVE-2011-1952.json index 78af97add7f..3b8905698e4 100644 --- a/2011/1xxx/CVE-2011-1952.json +++ b/2011/1xxx/CVE-2011-1952.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a< sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110601 Post Revolution 0.8.0c Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518205/100/0/threaded" - }, - { - "name" : "http://javierb.com.ar/2011/06/01/postrev-vunls/", - "refsource" : "MISC", - "url" : "http://javierb.com.ar/2011/06/01/postrev-vunls/" - }, - { - "name" : "http://postrev.com.ar/verpost.php?id_noticia=59", - "refsource" : "CONFIRM", - "url" : "http://postrev.com.ar/verpost.php?id_noticia=59" - }, - { - "name" : "47967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47967" - }, - { - "name" : "8270", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8270" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a< sequence." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110601 Post Revolution 0.8.0c Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518205/100/0/threaded" + }, + { + "name": "47967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47967" + }, + { + "name": "http://javierb.com.ar/2011/06/01/postrev-vunls/", + "refsource": "MISC", + "url": "http://javierb.com.ar/2011/06/01/postrev-vunls/" + }, + { + "name": "8270", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8270" + }, + { + "name": "http://postrev.com.ar/verpost.php?id_noticia=59", + "refsource": "CONFIRM", + "url": "http://postrev.com.ar/verpost.php?id_noticia=59" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4260.json b/2011/4xxx/CVE-2011-4260.json index 468b5f8754c..b6727694c45 100644 --- a/2011/4xxx/CVE-2011-4260.json +++ b/2011/4xxx/CVE-2011-4260.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/11182011_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/11182011_player/en/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.real.com/realplayer/security/11182011_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/11182011_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2093.json b/2014/2xxx/CVE-2014-2093.json index ab29a4b52d8..833e475f60b 100644 --- a/2014/2xxx/CVE-2014-2093.json +++ b/2014/2xxx/CVE-2014-2093.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140225 Re: CVE request for catfish program", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/02/25/4" - }, - { - "name" : "[oss-security] 20140225 Re: CVE request for catfish program", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/02/25/2" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1069396", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1069396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1069396", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069396" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958" + }, + { + "name": "[oss-security] 20140225 Re: CVE request for catfish program", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/02/25/2" + }, + { + "name": "[oss-security] 20140225 Re: CVE request for catfish program", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/02/25/4" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3054.json b/2014/3xxx/CVE-2014-3054.json index 9467e37b9fa..5700d0578a2 100644 --- a/2014/3xxx/CVE-2014-3054.json +++ b/2014/3xxx/CVE-2014-3054.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677032", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677032" - }, - { - "name" : "PI18909", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909" - }, - { - "name" : "60499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60499" - }, - { - "name" : "ibm-wsputl-cve20143054-redirect(93528)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60499", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60499" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032" + }, + { + "name": "ibm-wsputl-cve20143054-redirect(93528)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93528" + }, + { + "name": "PI18909", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3545.json b/2014/3xxx/CVE-2014-3545.json index b6aa20f14d7..0ac7f48cffa 100644 --- a/2014/3xxx/CVE-2014-3545.json +++ b/2014/3xxx/CVE-2014-3545.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140721 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/07/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=264266", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=264266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moodle through 
2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=264266", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=264266" + }, + { + "name": "[oss-security] 20140721 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/07/21/1" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6210.json b/2014/6xxx/CVE-2014-6210.json index 4066b1fa0a0..39b9f50d05a 100644 --- a/2014/6xxx/CVE-2014-6210.json +++ b/2014/6xxx/CVE-2014-6210.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690891", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690891" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693197", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" - }, - { - "name" : "IC96934", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96934" - }, - { - "name" : "IT04138", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04138" - }, - { - "name" : "IT05651", - "refsource" : "AIXAPAR", - "url" : 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IT05651" - }, - { - "name" : "IT05652", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05652" - }, - { - "name" : "71730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71730" - }, - { - "name" : "1034572", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034572" - }, - { - "name" : "62092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62092" - }, - { - "name" : "ibm-db2-cve20146210-dos(98685)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IT05652", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05652" + }, + { + "name": "62092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62092" + }, + { + "name": "IT05651", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05651" + }, + { + "name": "71730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71730" + }, + { + "name": "1034572", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034572" + }, + { + "name": "IT04138", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04138" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21690891", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690891" + }, + { + "name": "IC96934", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96934" + }, + { + "name": "ibm-db2-cve20146210-dos(98685)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98685" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6274.json b/2014/6xxx/CVE-2014-6274.json index 1b6a6390a4f..ba783a38c46 100644 --- a/2014/6xxx/CVE-2014-6274.json +++ b/2014/6xxx/CVE-2014-6274.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6274", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6274", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6391.json b/2014/6xxx/CVE-2014-6391.json index 11cc72e8d6b..3519f563b53 100644 --- a/2014/6xxx/CVE-2014-6391.json +++ b/2014/6xxx/CVE-2014-6391.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6391", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6391", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6914.json b/2014/6xxx/CVE-2014-6914.json index 1a99a3af26a..7650c72a174 100644 --- a/2014/6xxx/CVE-2014-6914.json +++ b/2014/6xxx/CVE-2014-6914.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Houcine El Jasmi (aka com.devkhr31.houcineeljasmi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#182185", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/182185" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Houcine El Jasmi (aka 
com.devkhr31.houcineeljasmi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#182185", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/182185" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7117.json b/2014/7xxx/CVE-2014-7117.json index 9e37383715c..1e39a468cf6 100644 --- a/2014/7xxx/CVE-2014-7117.json +++ b/2014/7xxx/CVE-2014-7117.json 
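Review bot: The `ASSIGNER` change from `cve@mitre.org` to `cert@cert.org` is the only substantive edit to this record, but it is hard to spot because the same hunk re-indents every line and reorders the three `reference_data` entries without altering any of them. Tooling that attributes records by CNA would see this as a provenance change, so it should be reviewable on its own. Emitting `reference_data` in a stable order (the previous order, or sorted by `url`) would leave `"ASSIGNER": "cert@cert.org",` as the only non-whitespace difference. The same mix of an `ASSIGNER` change with reordered references appears in the hunks for CVE-2014-7117, CVE-2014-7250, CVE-2014-7288 and CVE-2014-7345. CVE-2014-8664, CVE-2014-8675 and CVE-2016-2151 show the reordering alone.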
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Forest Area FCU Mobile (aka com.metova.cuae.fafcu) application 1.0.29 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#932473", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/932473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Forest Area FCU Mobile (aka 
com.metova.cuae.fafcu) application 1.0.29 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#932473", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/932473" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7218.json b/2014/7xxx/CVE-2014-7218.json index 1059ba9bb65..6280ecadd60 100644 --- a/2014/7xxx/CVE-2014-7218.json +++ b/2014/7xxx/CVE-2014-7218.json 
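Review bot: The new side of this file ends at the closing `}` with no trailing newline (`\ No newline at end of file`), whereas the old side ended with one. Every other file section visible in this diff has the same marker, so the writer that produced this reformat presumably drops the final newline. Ending each file with a single `\n` after the last `}` keeps the records friendly to line-oriented tools and concatenation. It also avoids a spurious last-line change the next time a different writer touches the file.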
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7218", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7218", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7250.json b/2014/7xxx/CVE-2014-7250.json index d00f055f1c7..e18066fc9d1 100644 --- a/2014/7xxx/CVE-2014-7250.json +++ b/2014/7xxx/CVE-2014-7250.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-7250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243", - "refsource" : "MISC", - "url" : "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243" - }, - { - "name" : "JVN#07930208", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN07930208/index.html" - }, - { - "name" : "JVNDB-2014-000134", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does 
not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#07930208", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN07930208/index.html" + }, + { + "name": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243", + "refsource": "MISC", + "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195243" + }, + { + "name": "JVNDB-2014-000134", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000134" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7288.json b/2014/7xxx/CVE-2014-7288.json index f38c821f0fb..431f99c5714 100644 --- a/2014/7xxx/CVE-2014-7288.json +++ b/2014/7xxx/CVE-2014-7288.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2014-7288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35949", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35949" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00" - }, - { - "name" : "72308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72308" - }, - { - "name" : "117766", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/117766" - }, - { - "name" : "1031673", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1031673" - }, - { - "name" : "symantec-cve20147288-command-exec(100763)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031673", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031673" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00" + }, + { + "name": "35949", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35949" + }, + { + "name": "symantec-cve20147288-command-exec(100763)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100763" + }, + { + "name": "117766", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/117766" + }, + { + "name": "72308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72308" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7345.json b/2014/7xxx/CVE-2014-7345.json index 47bddb7082e..45ce648b183 100644 --- a/2014/7xxx/CVE-2014-7345.json +++ b/2014/7xxx/CVE-2014-7345.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DIYChatroom (aka com.tapatalk.diychatroomcom) application 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#791233", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/791233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DIYChatroom (aka 
com.tapatalk.diychatroomcom) application 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#791233", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/791233" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8664.json b/2014/8xxx/CVE-2014-8664.json index b8b5752e411..57437eeb435 100644 --- a/2014/8xxx/CVE-2014-8664.json +++ b/2014/8xxx/CVE-2014-8664.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", - "refsource" : "MISC", - "url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" - }, - { - "name" : "http://service.sap.com/sap/support/notes/0001810405", - "refsource" : "MISC", - "url" : "http://service.sap.com/sap/support/notes/0001810405" - }, - { - "name" : "71025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71025" - }, - { - "name" : "sap-ehsm-cve20148664-sql-injection(98611)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sap-ehsm-cve20148664-sql-injection(98611)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98611" + }, + { + "name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", + "refsource": "MISC", + "url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" + }, + { + "name": "http://service.sap.com/sap/support/notes/0001810405", + "refsource": "MISC", + "url": "http://service.sap.com/sap/support/notes/0001810405" + }, + { + "name": "71025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71025" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8675.json b/2014/8xxx/CVE-2014-8675.json index 6af41993d4c..735694e68c9 100644 --- a/2014/8xxx/CVE-2014-8675.json +++ b/2014/8xxx/CVE-2014-8675.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "37604", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/37604/" - }, - { - "name" : "20150708 SOPlanning - Simple Online Planning Tool multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jul/44" - }, - { - "name" : "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html" - }, - { - "name" : "75726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/75726" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "75726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/75726" + }, + { + "name": "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html" + }, + { + "name": "37604", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/37604/" + }, + { + "name": "20150708 SOPlanning - Simple Online Planning Tool multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jul/44" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2151.json b/2016/2xxx/CVE-2016-2151.json index caaf1949bc0..4d62cc050f0 100644 --- a/2016/2xxx/CVE-2016-2151.json +++ b/2016/2xxx/CVE-2016-2151.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail addresses by leveraging the teacher role and reading a Participants list." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160321 moodle security release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=330173", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=330173" - }, - { - "name" : "1035333", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail addresses by leveraging the teacher role and reading a Participants list." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160321 moodle security release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433" + }, + { + "name": "1035333", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035333" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=330173", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=330173" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2758.json b/2016/2xxx/CVE-2016-2758.json index dc2d1c9d539..d4f0300f716 100644 --- a/2016/2xxx/CVE-2016-2758.json +++ b/2016/2xxx/CVE-2016-2758.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2758", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2758", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2886.json b/2016/2xxx/CVE-2016-2886.json index 10d77cc461b..d313e5d2bd6 100644 --- a/2016/2xxx/CVE-2016-2886.json +++ b/2016/2xxx/CVE-2016-2886.json 
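Review bot: The new side of this REJECT record serialises its keys in a different order from every other record in view. Here `data_type`, `data_format` and `data_version` come first and `CVE_data_meta` lists `ID` before `ASSIGNER`, while the other records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`, followed by `data_format`, `data_type`, `data_version`. Key order has no meaning in JSON, but the mismatch suggests this file went through a different writer, and it will produce noisy diffs and differing byte-level hashes for otherwise equivalent records. Using one canonical order, for example `"CVE_data_meta": { "ASSIGNER": ..., "ID": ..., "STATE": ... }` ahead of `data_format` as in the neighbouring files, would keep the set consistent.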
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2886", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2886", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2939.json b/2016/2xxx/CVE-2016-2939.json index 9f24bc2f20b..bc45a5a4ad6 100644 --- a/2016/2xxx/CVE-2016-2939.json +++ b/2016/2xxx/CVE-2016-2939.json 
@@ -1,138 +1,138 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@us.ibm.com",
- "ID" : "CVE-2016-2939",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Domino",
- "version" : {
- "version_data" : [
- {
- "version_value" : "8.5.3.5"
- },
- {
- "version_value" : "8.5.3.6"
- },
- {
- "version_value" : "9.0.1"
- },
- {
- "version_value" : "8.5"
- },
- {
- "version_value" : "9.0"
- },
- {
- "version_value" : "8.5.1"
- },
- {
- "version_value" : "8.5.2"
- },
- {
- "version_value" : "8.5.3"
- },
- {
- "version_value" : "9.0.1.1"
- },
- {
- "version_value" : "8.0.2"
- },
- {
- "version_value" : "8.0"
- },
- {
- "version_value" : "8.0.1"
- },
- {
- "version_value" : "8.5.1.5"
- },
- {
- "version_value" : "8.5.2.4"
- },
- {
- "version_value" : "9.0.1.2"
- },
- {
- "version_value" : "8.5.0.1"
- },
- {
- "version_value" : "9.0.1.3"
- },
- {
- "version_value" : "8.5.1.4"
- },
- {
- "version_value" : "9.0.1.4"
- },
- {
- "version_value" : "9.0.1.5"
- },
- {
- "version_value" : "8.5.1.1"
- },
- {
- "version_value" : "9.0.1.6"
- },
- {
- "version_value" : "9.0.1.7"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "IBM Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Cross-Site Scripting"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "ID": "CVE-2016-2939",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Domino",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.5.3.5"
+ },
+ {
+ "version_value": "8.5.3.6"
+ },
+ {
+ "version_value": "9.0.1"
+ },
+ {
+ "version_value": "8.5"
+ },
+ {
+ "version_value": "9.0"
+ },
+ {
+ "version_value": "8.5.1"
+ },
+ {
+ "version_value": "8.5.2"
+ },
+ {
+ "version_value": "8.5.3"
+ },
+ {
+ "version_value": "9.0.1.1"
+ },
+ {
+ "version_value": "8.0.2"
+ },
+ {
+ "version_value": "8.0"
+ },
+ {
+ "version_value": "8.0.1"
+ },
+ {
+ "version_value": "8.5.1.5"
+ },
+ {
+ "version_value": "8.5.2.4"
+ },
+ {
+ "version_value": "9.0.1.2"
+ },
+ {
+ "version_value": "8.5.0.1"
+ },
+ {
+ "version_value": "9.0.1.3"
+ },
+ {
+ "version_value": "8.5.1.4"
+ },
+ {
+ "version_value": "9.0.1.4"
+ },
+ {
+ "version_value": "9.0.1.5"
+ },
+ {
+ "version_value": "8.5.1.1"
+ },
+ {
+ "version_value": "9.0.1.6"
+ },
+ {
+ "version_value": "9.0.1.7"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "IBM Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.ibm.com/support/docview.wss?uid=swg21992835",
- "refsource" : "CONFIRM",
- "url" : "http://www.ibm.com/support/docview.wss?uid=swg21992835"
- },
- {
- "name" : "94605",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/94605"
- },
- {
- "name" : "1037383",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1037383"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM iNotes is vulnerable to cross-site scripting.
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "94605",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/94605"
+ },
+ {
+ "name": "1037383",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1037383"
+ },
+ {
+ "name": "http://www.ibm.com/support/docview.wss?uid=swg21992835",
+ "refsource": "CONFIRM",
+ "url": "http://www.ibm.com/support/docview.wss?uid=swg21992835"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/18xxx/CVE-2017-18149.json b/2017/18xxx/CVE-2017-18149.json
index 7f1efea2fb5..7a90e134cb8 100644
--- a/2017/18xxx/CVE-2017-18149.json
+++ b/2017/18xxx/CVE-2017-18149.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-18149",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-18149",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/18xxx/CVE-2017-18347.json b/2017/18xxx/CVE-2017-18347.json
index e8b5e09366b..86b46adbc0c 100644
--- a/2017/18xxx/CVE-2017-18347.json
+++ b/2017/18xxx/CVE-2017-18347.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-18347",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-18347",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32",
- "refsource" : "MISC",
- "url" : "https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32"
- },
- {
- "name" : "https://www.aisec.fraunhofer.de/en/FirmwareProtection.html",
- "refsource" : "MISC",
- "url" : "https://www.aisec.fraunhofer.de/en/FirmwareProtection.html"
- },
- {
- "name" : "https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier",
- "refsource" : "MISC",
- "url" :
"https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32",
+ "refsource": "MISC",
+ "url": "https://community.st.com/s/question/0D50X00009Xke7aSAB/readout-protection-cracked-on-stm32"
+ },
+ {
+ "name": "https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier",
+ "refsource": "MISC",
+ "url": "https://www.usenix.org/conference/woot17/workshop-program/presentation/obermaier"
+ },
+ {
+ "name": "https://www.aisec.fraunhofer.de/en/FirmwareProtection.html",
+ "refsource": "MISC",
+ "url": "https://www.aisec.fraunhofer.de/en/FirmwareProtection.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1388.json b/2017/1xxx/CVE-2017-1388.json
index 813ea10aa2a..54b9f1f7a45 100644
--- a/2017/1xxx/CVE-2017-1388.json
+++ b/2017/1xxx/CVE-2017-1388.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1388",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1388",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1440.json b/2017/1xxx/CVE-2017-1440.json
index 57879a81834..56e117aba7f 100644
--- a/2017/1xxx/CVE-2017-1440.json
+++ b/2017/1xxx/CVE-2017-1440.json
@@ -1,73 +1,73 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@us.ibm.com",
- "DATE_PUBLIC" : "2017-08-28T00:00:00",
- "ID" : "CVE-2017-1440",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Emptoris Services Procurement",
- "version" : {
- "version_data" : [
- {
- "version_value" : "10.0.0.5"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "IBM"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Gain Access"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "DATE_PUBLIC": "2017-08-28T00:00:00",
+ "ID": "CVE-2017-1440",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Emptoris Services Procurement",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "10.0.0.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "IBM"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128105",
- "refsource" : "MISC",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128105"
- },
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005550",
- "refsource" : "CONFIRM",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005550"
- },
- {
- "name" : "99542",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99542"
- }
- ]
- }
-}
+
}
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Gain Access"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128105",
+ "refsource": "MISC",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128105"
+ },
+ {
+ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005550",
+ "refsource": "CONFIRM",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005550"
+ },
+ {
+ "name": "99542",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99542"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1528.json b/2017/1xxx/CVE-2017-1528.json
index 189b8b97e03..05f2e840d2d 100644
--- a/2017/1xxx/CVE-2017-1528.json
+++ b/2017/1xxx/CVE-2017-1528.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1528",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1528",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1967.json b/2017/1xxx/CVE-2017-1967.json
index 9da59d30823..a4208766503 100644
--- a/2017/1xxx/CVE-2017-1967.json
+++ b/2017/1xxx/CVE-2017-1967.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1967",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-1967",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5221.json b/2017/5xxx/CVE-2017-5221.json
index 015ecbfba97..f2371a43e6f 100644
--- a/2017/5xxx/CVE-2017-5221.json
+++ b/2017/5xxx/CVE-2017-5221.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5221",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5221",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5409.json b/2017/5xxx/CVE-2017-5409.json
index 755168c891d..aba22b13033 100644
--- a/2017/5xxx/CVE-2017-5409.json
+++ b/2017/5xxx/CVE-2017-5409.json
@@ -1,94 +1,94 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@mozilla.org",
- "ID" : "CVE-2017-5409",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Firefox ESR",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "45.8"
- }
- ]
- }
- },
- {
- "product_name" : "Firefox",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "52"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Mozilla"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@mozilla.org",
+ "ID": "CVE-2017-5409",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "45.8"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "52"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Mozilla"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1321814",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1321814"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2017-06/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2017-06/"
- },
- {
- "name" : "96696",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/96696"
- },
- {
- "name" : "1037966",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1037966"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows.
Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "96696",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/96696"
+ },
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2017-05/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"
+ },
+ {
+ "name": "1037966",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1037966"
+ },
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2017-06/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2017-06/"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321814",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321814"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5469.json b/2017/5xxx/CVE-2017-5469.json
index 4f37bf1bceb..57e64710ca4 100644
--- a/2017/5xxx/CVE-2017-5469.json
+++ b/2017/5xxx/CVE-2017-5469.json
@@ -1,139 +1,139 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@mozilla.org",
- "ID" : "CVE-2017-5469",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Thunderbird",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "52.1"
- }
- ]
- }
- },
- {
- "product_name" : "Firefox ESR",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "45.9"
- },
- {
- "version_affected" : "<",
- "version_value" : "52.1"
- }
- ]
- }
- },
- {
- "product_name" : "Firefox",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "53"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Mozilla"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Potential Buffer overflow in flex-generated code"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@mozilla.org",
+ "ID": "CVE-2017-5469",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "52.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "45.9"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "52.1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "53"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Mozilla"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/"
- },
- {
- "name" : "DSA-3831",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2017/dsa-3831"
- },
- {
- "name" : "RHSA-2017:1104",
- "refsource" :
"REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1104"
- },
- {
- "name" : "RHSA-2017:1106",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1106"
- },
- {
- "name" : "RHSA-2017:1201",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1201"
- },
- {
- "name" : "97940",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97940"
- },
- {
- "name" : "1038320",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038320"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Potential Buffer overflow in flex-generated code"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHSA-2017:1106",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1106"
+ },
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/"
+ },
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2017-11/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2017-11/"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1292534"
+ },
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
+ },
+ {
+ "name": "97940",
+ "refsource": "BID",
+ "url":
"http://www.securityfocus.com/bid/97940"
+ },
+ {
+ "name": "DSA-3831",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2017/dsa-3831"
+ },
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2017-13/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2017-13/"
+ },
+ {
+ "name": "1038320",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038320"
+ },
+ {
+ "name": "RHSA-2017:1104",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1104"
+ },
+ {
+ "name": "RHSA-2017:1201",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1201"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5570.json b/2017/5xxx/CVE-2017-5570.json
index a6fb004b76e..f836c85a43d 100644
--- a/2017/5xxx/CVE-2017-5570.json
+++ b/2017/5xxx/CVE-2017-5570.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5570",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile()."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5570",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://gist.github.com/malerisch/898c7ae46abde5da15748beb1e6e886f",
- "refsource" : "MISC",
- "url" : "https://gist.github.com/malerisch/898c7ae46abde5da15748beb1e6e886f"
- },
- {
- "name" : "95742",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95742"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13.
This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile()."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gist.github.com/malerisch/898c7ae46abde5da15748beb1e6e886f",
+ "refsource": "MISC",
+ "url": "https://gist.github.com/malerisch/898c7ae46abde5da15748beb1e6e886f"
+ },
+ {
+ "name": "95742",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95742"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5646.json b/2017/5xxx/CVE-2017-5646.json
index a333b396913..753a3a036cd 100644
--- a/2017/5xxx/CVE-2017-5646.json
+++ b/2017/5xxx/CVE-2017-5646.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@apache.org",
- "ID" : "CVE-2017-5646",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Apache Knox",
- "version" : {
- "version_data" : [
- {
- "version_value" : "0.2.0 to 0.11.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Apache Software Foundation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Escalated Privileges and Data Access"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "ID": "CVE-2017-5646",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Knox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.2.0 to 0.11.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apache Software Foundation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[knox-user] 20170526 [ANNOUNCE] CVE-2017-5646: Apache Knox Impersonation Issue for WebHDFS",
- "refsource" : "MLIST",
- "url" : "http://mail-archives.apache.org/mod_mbox/knox-user/201705.mbox/%3CCACRbFyjtT7QQGHUzTRdbJoySbJb7tt4BDk5-r-VRn0GB0Kgvag%40mail.gmail.com%3E"
- },
- {
- "name" : "98739",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/98739"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalated Privileges and Data Access"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[knox-user] 20170526 [ANNOUNCE] CVE-2017-5646: Apache Knox Impersonation Issue for WebHDFS",
+ "refsource": "MLIST",
+ "url": "http://mail-archives.apache.org/mod_mbox/knox-user/201705.mbox/%3CCACRbFyjtT7QQGHUzTRdbJoySbJb7tt4BDk5-r-VRn0GB0Kgvag%40mail.gmail.com%3E"
+ },
+ {
+ "name": "98739",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/98739"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5749.json b/2017/5xxx/CVE-2017-5749.json
index 55f0afe5cc5..edeacb0c0cf 100644
--- a/2017/5xxx/CVE-2017-5749.json
+++ b/2017/5xxx/CVE-2017-5749.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5749",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5749",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file