diff --git a/2006/0xxx/CVE-2006-0014.json b/2006/0xxx/CVE-2006-0014.json index b5e4234f22b..0861226daf2 100644 --- a/2006/0xxx/CVE-2006-0014.json +++ b/2006/0xxx/CVE-2006-0014.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing \"certain Unicode strings\" and modified length values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-0014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060411 ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430645/100/0/threaded" - }, - { - "name" : "20060411 ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045003.html" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-007.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-007.html" - }, - { - "name" : "MS06-016", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-016" - }, - { - "name" : "17459", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17459" - }, - { - "name" : "ADV-2006-1321", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1321" - }, - { - "name" : "oval:org.mitre.oval:def:1611", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1611" - }, - { - "name" : "oval:org.mitre.oval:def:1682", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1682" - }, - { - "name" : "oval:org.mitre.oval:def:1769", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1769" - }, - { - "name" : "oval:org.mitre.oval:def:1771", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1771" - }, - { - "name" : "oval:org.mitre.oval:def:1780", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1780" - }, - { - "name" : "oval:org.mitre.oval:def:1791", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1791" - }, - { - "name" : "oval:org.mitre.oval:def:812", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A812" - }, - { - "name" : "1015898", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015898" - }, - { - "name" : "19617", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19617" - }, - { - "name" : "691", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/691" - }, - { - "name" : "outlook-express-wab-bo(25535)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing \"certain Unicode strings\" and modified length values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:1611", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1611" + }, + { + "name": "oval:org.mitre.oval:def:812", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A812" + }, + { + "name": "1015898", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015898" + }, + { + "name": "691", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/691" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-007.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-007.html" + }, + { + "name": "oval:org.mitre.oval:def:1682", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1682" + }, + { + "name": "outlook-express-wab-bo(25535)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25535" + }, + { + "name": "MS06-016", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-016" + }, + { + "name": "20060411 ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430645/100/0/threaded" + }, + { + "name": "17459", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17459" + }, + { + "name": "oval:org.mitre.oval:def:1769", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1769" + }, + { + "name": "oval:org.mitre.oval:def:1780", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1780" + }, + { + "name": "oval:org.mitre.oval:def:1791", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1791" + }, + { + "name": "oval:org.mitre.oval:def:1771", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1771" + }, + { + "name": "19617", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19617" + }, + { + "name": "20060411 ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045003.html" + }, + { + "name": "ADV-2006-1321", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1321" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0382.json b/2006/0xxx/CVE-2006-0382.json index 4ba77030234..1cc4e20b4d9 100644 --- a/2006/0xxx/CVE-2006-0382.json +++ b/2006/0xxx/CVE-2006-0382.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-02-14", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Feb/msg00000.html" - }, - { - "name" : "16654", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16654" - }, - { - "name" : "ADV-2006-0597", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0597" - }, - { - "name" : "23190", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23190" - }, - { - "name" : "1015634", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015634" - }, - { - "name" : "18907", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18907" - }, - { - "name" : "macosx-system-call-dos(24682)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-system-call-dos(24682)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24682" + }, + { + "name": "18907", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18907" + }, + { + "name": "ADV-2006-0597", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0597" + }, + { + "name": "23190", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23190" + }, + { + "name": "1015634", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015634" + }, + { + "name": "16654", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16654" + }, + { + "name": "APPLE-SA-2006-02-14", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Feb/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0618.json b/2006/0xxx/CVE-2006-0618.json index d7fede13397..7dfead14de0 100644 --- a/2006/0xxx/CVE-2006-0618.json +++ b/2006/0xxx/CVE-2006-0618.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060207 QNX Neutrino RTOS fontsleuth Command Format String Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=380" - }, - { - "name" : "16539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16539" - }, - { - "name" : "ADV-2006-0474", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0474" - }, - { - "name" : "22966", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22966" - }, - { - "name" : "1015599", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015599" - }, - { - "name" : "18750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18750" - }, - { - "name" : "qnx-fontsleuth-format-string(24559)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "qnx-fontsleuth-format-string(24559)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24559" + }, + { + "name": "ADV-2006-0474", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0474" + }, + { + "name": "18750", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18750" + }, + { + "name": "20060207 QNX Neutrino RTOS fontsleuth Command Format String Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=380" + }, + { + "name": "1015599", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015599" + }, + { + "name": "22966", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22966" + }, + { + "name": "16539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16539" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3134.json b/2006/3xxx/CVE-2006-3134.json index a0f3a14a670..6f09adc3538 100644 --- a/2006/3xxx/CVE-2006-3134.json +++ b/2006/3xxx/CVE-2006-3134.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060627 ZDI-06-019: GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047420.html" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-019.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-019.html" - }, - { - "name" : "http://europe.nokia.com/nokia/0,,93034,00.html", - "refsource" : "MISC", - "url" : "http://europe.nokia.com/nokia/0,,93034,00.html" - }, - { - "name" : "http://www.gracenote.com/sec062706/SonySecurityNotification.html", - "refsource" : "CONFIRM", - "url" : "http://www.gracenote.com/sec062706/SonySecurityNotification.html" - }, - { - "name" : "VU#701121", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/701121" - }, - { - "name" : "18678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18678" - }, - { - "name" : "ADV-2006-2562", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2562" - }, - { - "name" : "ADV-2006-2563", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2563" - }, - { - "name" : "26874", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26874" - }, - { - "name" : "1016389", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016389" - }, - { - "name" : "20861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20861" - }, - { - "name" : "20862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20862" - }, - { - "name" : "gracenote-cddb-activex-bo(27416)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://europe.nokia.com/nokia/0,,93034,00.html", + "refsource": "MISC", + "url": "http://europe.nokia.com/nokia/0,,93034,00.html" + }, + { + "name": "18678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18678" + }, + { + "name": "20060627 ZDI-06-019: GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047420.html" + }, + { + "name": "26874", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26874" + }, + { + "name": "ADV-2006-2562", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2562" + }, + { + "name": "VU#701121", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/701121" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-019.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-019.html" + }, + { + "name": "ADV-2006-2563", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2563" + }, + { + "name": "http://www.gracenote.com/sec062706/SonySecurityNotification.html", + "refsource": "CONFIRM", + "url": "http://www.gracenote.com/sec062706/SonySecurityNotification.html" + }, + { + "name": "20861", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20861" + }, + { + "name": "1016389", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016389" + }, + { + "name": "gracenote-cddb-activex-bo(27416)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27416" + }, + { + "name": "20862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20862" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3253.json b/2006/3xxx/CVE-2006-3253.json index 40d21e08cd2..91f979e60e2 100644 --- a/2006/3xxx/CVE-2006-3253.json +++ b/2006/3xxx/CVE-2006-3253.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that \"the userid parameter is run through our filtering system as an unsigned integer.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060620 vBulletin<<--v3.5.X \"member.php\" Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437817/100/0/threaded" - }, - { - "name" : "20060623 Re: vBulletin<<--v3.5.X \"member.php\" Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438364/100/100/threaded" - }, - { - "name" : "18551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18551" - }, - { - "name" : "27508", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27508" - }, - { - "name" : "1016348", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016348" - }, - { - "name" : "1155", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1155" - }, - { - "name" : "vbulletin-member-xss(27261)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that \"the userid parameter is run through our filtering system as an unsigned integer.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27508", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27508" + }, + { + "name": "20060620 vBulletin<<--v3.5.X \"member.php\" Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437817/100/0/threaded" + }, + { + "name": "1155", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1155" + }, + { + "name": "1016348", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016348" + }, + { + "name": "vbulletin-member-xss(27261)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27261" + }, + { + "name": "20060623 Re: vBulletin<<--v3.5.X \"member.php\" Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438364/100/100/threaded" + }, + { + "name": "18551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18551" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3261.json b/2006/3xxx/CVE-2006-3261.json index 074c2fa4c9c..864f07ad42a 100644 --- a/2006/3xxx/CVE-2006-3261.json +++ b/2006/3xxx/CVE-2006-3261.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060623 Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438158/100/0/threaded" - }, - { - "name" : "18619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18619" - }, - { - "name" : "ADV-2006-2526", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2526" - }, - { - "name" : "1016372", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016372" - }, - { - "name" : "20794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20794" - }, - { - "name" : "1159", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1159" - }, - { - "name" : "controlmanager-logfile-xss(27388)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016372", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016372" + }, + { + "name": "ADV-2006-2526", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2526" + }, + { + "name": "20794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20794" + }, + { + "name": "18619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18619" + }, + { + "name": "1159", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1159" + }, + { + "name": "20060623 Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438158/100/0/threaded" + }, + { + "name": "controlmanager-logfile-xss(27388)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27388" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3586.json b/2006/3xxx/CVE-2006-3586.json index 0001bf177c2..113c432a472 100644 --- a/2006/3xxx/CVE-2006-3586.json +++ b/2006/3xxx/CVE-2006-3586.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-3586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060802 Secunia Research: Jetbox Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441980/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-57/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-57/advisory/" - }, - { - "name" : "19303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19303" - }, - { - "name" : "20889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20889" - }, - { - "name" : "1339", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1339" - }, - { - "name" : "jetboxcms-index-sql-injection(28168)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jetboxcms-index-sql-injection(28168)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28168" + }, + { + "name": "19303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19303" + }, + { + "name": "20060802 Secunia Research: Jetbox Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441980/100/0/threaded" + }, + { + "name": "1339", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1339" + }, + { + "name": "http://secunia.com/secunia_research/2006-57/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-57/advisory/" + }, + { + "name": "20889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20889" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3710.json b/2006/3xxx/CVE-2006-3710.json index 80b55454359..055458cbb54 100644 --- a/2006/3xxx/CVE-2006-3710.json +++ b/2006/3xxx/CVE-2006-3710.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# (1) AS05 and (2) AS08." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "TA06-200A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" - }, - { - "name" : "19054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19054" - }, - { - "name" : "ADV-2006-2863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2863" - }, - { - "name" : "ADV-2006-2947", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2947" - }, - { - "name" : "1016529", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016529" - }, - { - "name" : "21111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21111" - }, - { - "name" : "21165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21165" - }, - { - "name" : "oracle-cpu-july-2006(27897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# (1) AS05 and (2) AS08." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016529", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016529" + }, + { + "name": "19054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19054" + }, + { + "name": "oracle-cpu-july-2006(27897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" + }, + { + "name": "21165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21165" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "ADV-2006-2947", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2947" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "TA06-200A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" + }, + { + "name": "21111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21111" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" + }, + { + "name": "ADV-2006-2863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2863" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3936.json b/2006/3xxx/CVE-2006-3936.json index 4346606bf12..ef103210ad5 100644 --- a/2006/3xxx/CVE-2006-3936.json +++ b/2006/3xxx/CVE-2006-3936.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060726 Multiple vulnerabilities in OpenCMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441182/100/0/threaded" - }, - { - "name" : "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt", - "refsource" : "MISC", - "url" : "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt" - }, - { - "name" : "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip", - "refsource" : "MISC", - "url" : "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip" - }, - { - "name" : "http://www.opencms.org/opencms/en/shownews.html?id=1002", - "refsource" : "MISC", - "url" : "http://www.opencms.org/opencms/en/shownews.html?id=1002" - }, - { - "name" : "21193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21193" - }, - { - "name" : "1302", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1302" - }, - { - "name" : "opencms-editor-information-disclosure(28001)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21193" + }, + { + "name": "opencms-editor-information-disclosure(28001)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28001" + }, + { + "name": "http://www.opencms.org/opencms/en/shownews.html?id=1002", + "refsource": "MISC", + "url": "http://www.opencms.org/opencms/en/shownews.html?id=1002" + }, + { + "name": "1302", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1302" + }, + { + "name": "20060726 Multiple vulnerabilities in OpenCMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441182/100/0/threaded" + }, + { + "name": "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt", + "refsource": "MISC", + "url": "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt" + }, + { + "name": "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip", + "refsource": "MISC", + "url": "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4408.json b/2006/4xxx/CVE-2006-4408.json index c665df18253..559d88ad897 100644 --- a/2006/4xxx/CVE-2006-4408.json +++ b/2006/4xxx/CVE-2006-4408.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=304829", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=304829" - }, - { - "name" : "APPLE-SA-2006-11-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" - }, - { - "name" : "TA06-333A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" - }, - { - "name" : "21335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21335" - }, - { - "name" : "ADV-2006-4750", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4750" - }, - { - "name" : "30730", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30730" - }, - { - "name" : "1017298", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017298" - }, - { - "name" : "23155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4750" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304829", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=304829" + }, + { + "name": "21335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21335" + }, + { + "name": "30730", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30730" + }, + { + "name": "1017298", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017298" + }, + { + "name": "23155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23155" + }, + { + "name": "APPLE-SA-2006-11-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" + }, + { + "name": "TA06-333A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4527.json b/2006/4xxx/CVE-2006-4527.json index 11662e8f20c..deaabed9448 100644 --- a/2006/4xxx/CVE-2006-4527.json +++ b/2006/4xxx/CVE-2006-4527.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gulftech.org/?node=research&article_id=00111-08282006&", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00111-08282006&" - }, - { - "name" : "http://cubecart.com/site/forums/index.php?showtopic=21540", - "refsource" : "CONFIRM", - "url" : "http://cubecart.com/site/forums/index.php?showtopic=21540" - }, - { - "name" : "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697", - "refsource" : "CONFIRM", - "url" : "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697" - }, - { - "name" : "19782", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19782" - }, - { - "name" : "21659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21659" + }, + { + "name": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697", + "refsource": "CONFIRM", + "url": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697" + }, + { + "name": "19782", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19782" + }, + { + "name": "http://cubecart.com/site/forums/index.php?showtopic=21540", + "refsource": "CONFIRM", + "url": "http://cubecart.com/site/forums/index.php?showtopic=21540" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00111-08282006&", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00111-08282006&" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6195.json b/2006/6xxx/CVE-2006-6195.json index 3ea1bc119bc..8a33827d96f 100644 --- a/2006/6xxx/CVE-2006-6195.json +++ b/2006/6xxx/CVE-2006-6195.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) show_id or (2) parentid parameter to (a) filelist.asp, or the (3) fid parameter to (b) showfile.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061124 [Aria-Security Team] Fixit iDMS Pro Image Gallery SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452567/100/0/threaded" - }, - { - "name" : "http://www.aria-security.com/forum/showthread.php?t=39", - "refsource" : "MISC", - "url" : "http://www.aria-security.com/forum/showthread.php?t=39" - }, - { - "name" : "21282", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21282" - }, - { - "name" : "1017281", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017281" - }, - { - "name" : "fixit-idms-filelist-sql-injection(30513)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) show_id or (2) parentid parameter to (a) filelist.asp, or the (3) fid parameter to (b) showfile.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061124 [Aria-Security Team] Fixit iDMS Pro Image Gallery SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452567/100/0/threaded" + }, + { + "name": "fixit-idms-filelist-sql-injection(30513)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30513" + }, + { + "name": "http://www.aria-security.com/forum/showthread.php?t=39", + "refsource": "MISC", + "url": "http://www.aria-security.com/forum/showthread.php?t=39" + }, + { + "name": "21282", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21282" + }, + { + "name": "1017281", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017281" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6920.json b/2006/6xxx/CVE-2006-6920.json index 9652d97af6f..46e74e18633 100644 --- a/2006/6xxx/CVE-2006-6920.json +++ b/2006/6xxx/CVE-2006-6920.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nucleuscms.org/item/3044", - "refsource" : "CONFIRM", - "url" : "http://www.nucleuscms.org/item/3044" - }, - { - "name" : "JVN#84656399", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2384656399/index.html" - }, - { - "name" : "21104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21104" - }, - { - "name" : "ADV-2006-4495", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4495" - }, - { - "name" : "1017220", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017220" - }, - { - "name" : "22843", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22843" - }, - { - "name" : "nucleus-unspecified-xss(30254)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4495", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4495" + }, + { + "name": "http://www.nucleuscms.org/item/3044", + "refsource": "CONFIRM", + "url": "http://www.nucleuscms.org/item/3044" + }, + { + "name": "nucleus-unspecified-xss(30254)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30254" + }, + { + "name": "22843", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22843" + }, + { + "name": "1017220", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017220" + }, + { + "name": "21104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21104" + }, + { + "name": "JVN#84656399", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2384656399/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2081.json b/2010/2xxx/CVE-2010-2081.json index b7fe7177aa3..3b3853bcff3 100644 --- a/2010/2xxx/CVE-2010-2081.json +++ b/2010/2xxx/CVE-2010-2081.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2081", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2081", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2108.json b/2010/2xxx/CVE-2010-2108.json index f81bee073a2..8e783817a4d 100644 --- a/2010/2xxx/CVE-2010-2108.json +++ b/2010/2xxx/CVE-2010-2108.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=39740", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=39740" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:12126", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:12126", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12126" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=39740", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=39740" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2200.json b/2010/2xxx/CVE-2010-2200.json index 1167bddae3c..d89ee64d9fc 100644 --- a/2010/2xxx/CVE-2010-2200.json +++ b/2010/2xxx/CVE-2010-2200.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2200", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2200", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2397.json b/2010/2xxx/CVE-2010-2397.json index 080f6667fca..9a778ab4322 100644 --- a/2010/2xxx/CVE-2010-2397.json +++ b/2010/2xxx/CVE-2010-2397.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2511.json b/2010/2xxx/CVE-2010-2511.json index 8407b3b6e86..a11c5644552 100644 --- a/2010/2xxx/CVE-2010-2511.json +++ b/2010/2xxx/CVE-2010-2511.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14005", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14005" - }, - { - "name" : "41097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41097" - }, - { - "name" : "40340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14005", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14005" + }, + { + "name": "40340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40340" + }, + { + "name": "41097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41097" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2761.json b/2010/2xxx/CVE-2010-2761.json index 84f9c2f7cc0..a3ef098ad3d 100644 --- a/2010/2xxx/CVE-2010-2761.json +++ b/2010/2xxx/CVE-2010-2761.json @@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20101201 CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/01/1" - }, - { - "name" : "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/01/3" - }, - { - "name" : "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/12/01/2" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=600464", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=600464" - }, - { - "name" : "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes", - "refsource" : "CONFIRM", - "url" : "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes" - }, - { - "name" : "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm", - "refsource" : "CONFIRM", - "url" : "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm" - }, - { - "name" : "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1", - "refsource" : "CONFIRM", - "url" : "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1" - }, - { - "name" : "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html", - "refsource" : "CONFIRM", - "url" : "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html" - }, - { - "name" : "https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380", - "refsource" : "CONFIRM", - "url" : "https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380" - }, - { - "name" : "http://www.bugzilla.org/security/3.2.9/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.2.9/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=591165", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=591165" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" - }, - { - "name" : "FEDORA-2011-0631", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html" - }, - { - "name" : "FEDORA-2011-0653", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html" - }, - { - "name" : "FEDORA-2011-0741", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html" - }, - { - "name" : "FEDORA-2011-0755", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html" - }, - { - "name" : "MDVSA-2010:237", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:237" - }, - { - "name" : "MDVSA-2010:250", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:250" - }, - { - "name" : "RHSA-2011:1797", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1797.html" - }, - { - "name" : "SUSE-SR:2011:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : "SUSE-SR:2011:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" - }, - { - "name" : "69589", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69589" - }, - { - "name" : "69588", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/69588" - }, - { - "name" : "42877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42877" - }, - { - "name" : "43033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43033" - }, - { - "name" : "43147", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43147" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "43165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43165" - }, - { - "name" : "ADV-2011-0076", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0076" - }, - { - "name" : "ADV-2011-0207", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0207" - }, - { - "name" : "ADV-2011-0249", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0249" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - }, - { - "name" : "ADV-2011-0271", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm", + "refsource": "CONFIRM", + "url": "http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm" + }, + { + "name": "RHSA-2011:1797", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1797.html" + }, + { + "name": "SUSE-SR:2011:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html" + }, + { + "name": "FEDORA-2011-0653", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html" + }, + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/01/2" + }, + { + "name": "69588", + "refsource": "OSVDB", + "url": "http://osvdb.org/69588" + }, + { + "name": "43165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43165" + }, + { + "name": "[oss-security] 20101201 Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/01/3" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=591165", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=591165" + }, + { + "name": "https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380", + "refsource": "CONFIRM", + "url": "https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380" + }, + { + "name": "http://www.bugzilla.org/security/3.2.9/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.2.9/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=600464", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=600464" + }, + { + "name": "FEDORA-2011-0741", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html" + }, + { + "name": "SUSE-SR:2011:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" + }, + { + "name": "ADV-2011-0271", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0271" + }, + { + "name": "43033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43033" + }, + { + "name": "ADV-2011-0207", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0207" + }, + { + "name": "42877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42877" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1", + "refsource": "CONFIRM", + "url": "http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1" + }, + { + "name": "ADV-2011-0249", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0249" + }, + { + "name": "FEDORA-2011-0755", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html" + }, + { + "name": "MDVSA-2010:250", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:250" + }, + { + "name": "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html", + "refsource": "CONFIRM", + "url": "http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html" + }, + { + "name": "MDVSA-2010:237", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:237" + }, + { + "name": "69589", + "refsource": "OSVDB", + "url": "http://osvdb.org/69589" + }, + { + "name": "ADV-2011-0076", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0076" + }, + { + "name": "[oss-security] 20101201 CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/12/01/1" + }, + { + "name": "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes", + "refsource": "CONFIRM", + "url": "http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes" + }, + { + "name": "FEDORA-2011-0631", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705" + }, + { + "name": "43147", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43147" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3579.json b/2010/3xxx/CVE-2010-3579.json index a5763814871..662ef4b63c2 100644 --- a/2010/3xxx/CVE-2010-3579.json +++ b/2010/3xxx/CVE-2010-3579.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-3579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0208.json b/2011/0xxx/CVE-2011-0208.json index be6650bf0c9..6b1db056512 100644 --- a/2011/0xxx/CVE-2011-0208.json +++ b/2011/0xxx/CVE-2011-0208.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4723", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4723" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-06-23-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4723", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4723" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-06-23-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0222.json b/2011/0xxx/CVE-2011-0222.json index 9467757d412..652982b60b2 100644 --- a/2011/0xxx/CVE-2011-0222.json +++ b/2011/0xxx/CVE-2011-0222.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "8313", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8313" - }, - { - "name" : "8315", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "8313", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8313" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + }, + { + "name": "8315", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8315" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0579.json b/2011/0xxx/CVE-2011-0579.json index 946235442c4..c95c706d3c7 100644 --- a/2011/0xxx/CVE-2011-0579.json +++ b/2011/0xxx/CVE-2011-0579.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html" - }, - { - "name" : "oval:org.mitre.oval:def:13379", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13379" - }, - { - "name" : "oval:org.mitre.oval:def:15903", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15903" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15903", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15903" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-12.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" + }, + { + "name": "oval:org.mitre.oval:def:13379", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13379" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0973.json b/2011/0xxx/CVE-2011-0973.json index e03cf005109..4e0ff7a37ca 100644 --- a/2011/0xxx/CVE-2011-0973.json +++ b/2011/0xxx/CVE-2011-0973.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0973", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0973", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1065.json b/2011/1xxx/CVE-2011-1065.json index 058cf853cd4..151a1953284 100644 --- a/2011/1xxx/CVE-2011-1065.json +++ b/2011/1xxx/CVE-2011-1065.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX control (PIWebPlayer.ocx) in PIPI Player 2.8.0.0 allow remote attackers to execute arbitrary code via long arguments to the (1) PlayURL or (2) PlayURLWithLocalPlayer methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wooyun.org/bugs/wooyun-2010-01382", - "refsource" : "MISC", - "url" : "http://www.wooyun.org/bugs/wooyun-2010-01382" - }, - { - "name" : "http://www.wooyun.org/bugs/wooyun-2010-01383", - "refsource" : "MISC", - "url" : "http://www.wooyun.org/bugs/wooyun-2010-01383" - }, - { - "name" : "46468", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46468" - }, - { - "name" : "43394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43394" - }, - { - "name" : "pipiplayer-activex-control-bo(65537)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX control (PIWebPlayer.ocx) in PIPI Player 2.8.0.0 allow remote attackers to execute arbitrary code via long arguments to the (1) PlayURL or (2) PlayURLWithLocalPlayer methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43394" + }, + { + "name": "http://www.wooyun.org/bugs/wooyun-2010-01383", + "refsource": "MISC", + "url": "http://www.wooyun.org/bugs/wooyun-2010-01383" + }, + { + "name": "http://www.wooyun.org/bugs/wooyun-2010-01382", + "refsource": "MISC", + "url": "http://www.wooyun.org/bugs/wooyun-2010-01382" + }, + { + "name": "46468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46468" + }, + { + "name": "pipiplayer-activex-control-bo(65537)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65537" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1230.json b/2011/1xxx/CVE-2011-1230.json index 6ccb1740ce6..22a4ca11836 100644 --- a/2011/1xxx/CVE-2011-1230.json +++ b/2011/1xxx/CVE-2011-1230.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other \"Vulnerability Type 2\" CVEs listed in MS11-034, aka \"Win32k Null Pointer De-reference Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, - { - "name" : "MS11-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47230" - }, - { - "name" : "71736", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71736" - }, - { - "name" : "oval:org.mitre.oval:def:12164", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12164" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - }, - { - "name" : "mswin-win32k-var18-priv-escalation(66412)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other \"Vulnerability Type 2\" CVEs listed in MS11-034, aka \"Win32k Null Pointer De-reference Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "47230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47230" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "71736", + "refsource": "OSVDB", + "url": "http://osvdb.org/71736" + }, + { + "name": "mswin-win32k-var18-priv-escalation(66412)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66412" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + }, + { + "name": "oval:org.mitre.oval:def:12164", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12164" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1263.json b/2011/1xxx/CVE-2011-1263.json index 59145cac68d..464ebb8c48e 100644 --- a/2011/1xxx/CVE-2011-1263.json +++ b/2011/1xxx/CVE-2011-1263.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"Remote Desktop Web Access Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-061", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-061" - }, - { - "name" : "TA11-221A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-221A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12792", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"Remote Desktop Web Access Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-061", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-061" + }, + { + "name": "oval:org.mitre.oval:def:12792", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12792" + }, + { + "name": "TA11-221A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1312.json b/2011/1xxx/CVE-2011-1312.json index 4510b14e4a9..c98e5742668 100644 --- a/2011/1xxx/CVE-2011-1312.json +++ b/2011/1xxx/CVE-2011-1312.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" - }, - { - "name" : "PK88606", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PK88606", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88606" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4963.json b/2011/4xxx/CVE-2011-4963.json index 9c22bdb9ef3..4e12124fa6a 100644 --- a/2011/4xxx/CVE-2011-4963.json +++ b/2011/4xxx/CVE-2011-4963.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain \"$index_allocation\" sequences in a request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[nginx-announce] 20120605 security advisory", - "refsource" : "MLIST", - "url" : "http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html" - }, - { - "name" : "http://english.securitylab.ru/lab/PT-2012-06", - "refsource" : "MISC", - "url" : "http://english.securitylab.ru/lab/PT-2012-06" - }, - { - "name" : "http://nginx.org/en/security_advisories.html", - "refsource" : "CONFIRM", - "url" : "http://nginx.org/en/security_advisories.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain \"$index_allocation\" sequences in a request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://english.securitylab.ru/lab/PT-2012-06", + "refsource": "MISC", + "url": "http://english.securitylab.ru/lab/PT-2012-06" + }, + { + "name": "http://nginx.org/en/security_advisories.html", + "refsource": "CONFIRM", + "url": "http://nginx.org/en/security_advisories.html" + }, + { + "name": "[nginx-announce] 20120605 security advisory", + "refsource": "MLIST", + "url": "http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5091.json b/2011/5xxx/CVE-2011-5091.json index 6a205c4c4ce..6ceab9159c7 100644 --- a/2011/5xxx/CVE-2011-5091.json +++ b/2011/5xxx/CVE-2011-5091.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in GR Board (aka grboard) 1.8.6.5 Community Edition allow remote attackers to execute arbitrary SQL commands via the (1) tableType or (2) blindTarget parameter to view.php, (3) the delTargets[0] parameter to view_memo.php, or (4) the isReported parameter to write_ok.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sirini.net/grboard/board.php?id=developer&articleNo=591", - "refsource" : "CONFIRM", - "url" : "http://sirini.net/grboard/board.php?id=developer&articleNo=591" - }, - { - "name" : "grboard-multiple-sql-injection(75855)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in GR Board (aka grboard) 1.8.6.5 Community Edition allow remote attackers to execute arbitrary SQL commands via the (1) tableType or (2) blindTarget parameter to view.php, (3) the delTargets[0] parameter to view_memo.php, or (4) the isReported parameter to write_ok.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sirini.net/grboard/board.php?id=developer&articleNo=591", + "refsource": "CONFIRM", + "url": "http://sirini.net/grboard/board.php?id=developer&articleNo=591" + }, + { + "name": "grboard-multiple-sql-injection(75855)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75855" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5319.json b/2011/5xxx/CVE-2011-5319.json index 109ef0026fa..98d4b3d4287 100644 --- a/2011/5xxx/CVE-2011-5319.json +++ b/2011/5xxx/CVE-2011-5319.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dl.acm.org/citation.cfm?id=2046771", - "refsource" : "MISC", - "url" : "http://dl.acm.org/citation.cfm?id=2046771" - }, - { - "name" : "http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf", - "refsource" : "MISC", - "url" : "http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=421691", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=421691" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=463349", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=463349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dl.acm.org/citation.cfm?id=2046771", + "refsource": "MISC", + "url": "http://dl.acm.org/citation.cfm?id=2046771" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=421691", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=421691" + }, + { + "name": "http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf", + "refsource": "MISC", + "url": "http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=463349", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=463349" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2046.json b/2014/2xxx/CVE-2014-2046.json index 11ee1add8b3..b8f136543ab 100644 --- a/2014/2xxx/CVE-2014-2046.json +++ b/2014/2xxx/CVE-2014-2046.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140513 CVE-2014-2046 - Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/May/58" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2046/", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2046/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2046/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2046/" + }, + { + "name": "20140513 CVE-2014-2046 - Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/May/58" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3215.json b/2014/3xxx/CVE-2014-3215.json index 440c82c7007..b80aa880314 100644 --- a/2014/3xxx/CVE-2014-3215.json +++ b/2014/3xxx/CVE-2014-3215.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140429 local privilege escalation due to capng_lock as used in seunshare", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/04/29/7" - }, - { - "name" : "[oss-security] 20140430 Re: local privilege escalation due to capng_lock as used in seunshare", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/04/30/4" - }, - { - "name" : "[oss-security] 20140507 Re: local privilege escalation due to capng_lock as used in seunshare", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/05/08/1" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0251.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0251.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "MDVSA-2015:156", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:156" - }, - { - "name" : "RHSA-2015:0864", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0864.html" - }, - { - "name" : "openSUSE-SU-2014:0749", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00008.html" - }, - { - "name" : "67341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67341" - }, - { - "name" : "59007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67341" + }, + { + "name": "openSUSE-SU-2014:0749", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00008.html" + }, + { + "name": "[oss-security] 20140507 Re: local privilege escalation due to capng_lock as used in seunshare", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/05/08/1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0251.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0251.html" + }, + { + "name": "59007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59007" + }, + { + "name": "RHSA-2015:0864", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0864.html" + }, + { + "name": "MDVSA-2015:156", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:156" + }, + { + "name": "[oss-security] 20140430 Re: local privilege escalation due to capng_lock as used in seunshare", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/04/30/4" + }, + { + "name": "[oss-security] 20140429 local privilege escalation due to capng_lock as used in seunshare", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/04/29/7" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3740.json b/2014/3xxx/CVE-2014-3740.json index 2a323c803fe..1ecf39a47a7 100644 --- a/2014/3xxx/CVE-2014-3740.json +++ b/2014/3xxx/CVE-2014-3740.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140607 CVE-2014-3740 - SpiceWorks Cross-site scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532346/100/0/threaded" - }, - { - "name" : "33330", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33330" - }, - { - "name" : "20140608 CVE-2014-3740 - SpiceWorks Cross-site scripting", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/42" - }, - { - "name" : "http://packetstormsecurity.com/files/126596/SpiceWorks-7.2.00174-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126596/SpiceWorks-7.2.00174-Cross-Site-Scripting.html" - }, - { - "name" : "http://research.openflare.org/advisories/OF-2014-07/spiceworks_xss.txt", - "refsource" : "MISC", - "url" : "http://research.openflare.org/advisories/OF-2014-07/spiceworks_xss.txt" - }, - { - "name" : "http://research.openflare.org/poc/OF-2014-07/spiceworks_crafted_ticket.mp4", - "refsource" : "MISC", - "url" : "http://research.openflare.org/poc/OF-2014-07/spiceworks_crafted_ticket.mp4" - }, - { - "name" : "http://packetstormsecurity.com/files/126994/SpiceWorks-IT-Ticketing-System-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126994/SpiceWorks-IT-Ticketing-System-Cross-Site-Scripting.html" - }, - { - "name" : "106916", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/106916" - }, - { - "name" : "58522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140607 CVE-2014-3740 - SpiceWorks Cross-site scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532346/100/0/threaded" + }, + { + "name": "106916", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/106916" + }, + { + "name": "20140608 CVE-2014-3740 - SpiceWorks Cross-site scripting", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/42" + }, + { + "name": "http://packetstormsecurity.com/files/126994/SpiceWorks-IT-Ticketing-System-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126994/SpiceWorks-IT-Ticketing-System-Cross-Site-Scripting.html" + }, + { + "name": "33330", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33330" + }, + { + "name": "http://research.openflare.org/advisories/OF-2014-07/spiceworks_xss.txt", + "refsource": "MISC", + "url": "http://research.openflare.org/advisories/OF-2014-07/spiceworks_xss.txt" + }, + { + "name": "58522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58522" + }, + { + "name": "http://research.openflare.org/poc/OF-2014-07/spiceworks_crafted_ticket.mp4", + "refsource": "MISC", + "url": "http://research.openflare.org/poc/OF-2014-07/spiceworks_crafted_ticket.mp4" + }, + { + "name": "http://packetstormsecurity.com/files/126596/SpiceWorks-7.2.00174-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126596/SpiceWorks-7.2.00174-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3863.json b/2014/3xxx/CVE-2014-3863.json index 957e8697481..08b1443c46f 100644 --- a/2014/3xxx/CVE-2014-3863.json +++ b/2014/3xxx/CVE-2014-3863.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the JChatSocial component before 2.3 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the filename parameter in a file upload in an active JChat chat window." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140707 CVE-2014-3863 - Stored XSS in JChatSocial", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532662/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/127372/Joomla-JChatSocial-2.2-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127372/Joomla-JChatSocial-2.2-Cross-Site-Scripting.html" - }, - { - "name" : "68424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the JChatSocial component before 2.3 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the filename parameter in a file upload in an active JChat chat window." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68424" + }, + { + "name": "20140707 CVE-2014-3863 - Stored XSS in JChatSocial", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532662/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/127372/Joomla-JChatSocial-2.2-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127372/Joomla-JChatSocial-2.2-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3997.json b/2014/3xxx/CVE-2014-3997.json index ad9de9aa628..62452e045d6 100644 --- a/2014/3xxx/CVE-2014-3997.json +++ b/2014/3xxx/CVE-2014-3997.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140819 [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Aug/55" - }, - { - "name" : "20140830 Re: [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Aug/85" - }, - { - "name" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc_pmp_it360_sqli.txt", - "refsource" : "MISC", - "url" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc_pmp_it360_sqli.txt" - }, - { - "name" : "https://raw.githubusercontent.com/pedrib/PoC/master/msf_modules/manageengine_dc_pmp_sqli.rb", - "refsource" : "MISC", - "url" : "https://raw.githubusercontent.com/pedrib/PoC/master/msf_modules/manageengine_dc_pmp_sqli.rb" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140819 [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Aug/55" + }, + { + "name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc_pmp_it360_sqli.txt", + "refsource": "MISC", + "url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc_pmp_it360_sqli.txt" + }, + { + "name": "https://raw.githubusercontent.com/pedrib/PoC/master/msf_modules/manageengine_dc_pmp_sqli.rb", + "refsource": "MISC", + "url": "https://raw.githubusercontent.com/pedrib/PoC/master/msf_modules/manageengine_dc_pmp_sqli.rb" + }, + { + "name": "20140830 Re: [The ManageOwnage Series, part I]: blind SQL injection in two servlets (metasploit module included)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Aug/85" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6158.json b/2014/6xxx/CVE-2014-6158.json index cedce8a3c8d..0c957d6e33e 100644 --- a/2014/6xxx/CVE-2014-6158.json +++ b/2014/6xxx/CVE-2014-6158.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693292", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693292" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693440", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693440" - }, - { - "name" : "61956", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61956" - }, - { - "name" : "62032", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62032" - }, - { - "name" : "ibm-pas-cve20146158-traversal(97707)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62032", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62032" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693292", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693292" + }, + { + "name": "61956", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61956" + }, + { + "name": "ibm-pas-cve20146158-traversal(97707)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97707" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693440", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693440" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6399.json b/2014/6xxx/CVE-2014-6399.json index 0f028e50f16..c6f6fe5831e 100644 --- a/2014/6xxx/CVE-2014-6399.json +++ b/2014/6xxx/CVE-2014-6399.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6399", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6399", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6523.json b/2014/6xxx/CVE-2014-6523.json index 5c0d2e73b76..0cb90db4fb6 100644 --- a/2014/6xxx/CVE-2014-6523.json +++ b/2014/6xxx/CVE-2014-6523.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors related to REST Interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70461" - }, - { - "name" : "1031042", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031042" - }, - { - "name" : "61781", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors related to REST Interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61781", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61781" + }, + { + "name": "1031042", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031042" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "70461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70461" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7031.json b/2014/7xxx/CVE-2014-7031.json index 19bfcc8aec2..255adc53795 100644 --- a/2014/7xxx/CVE-2014-7031.json +++ b/2014/7xxx/CVE-2014-7031.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RedAtoms Three (aka com.redatoms.mojodroid.tw.gp) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#139417", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/139417" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RedAtoms Three (aka com.redatoms.mojodroid.tw.gp) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#139417", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/139417" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7215.json b/2014/7xxx/CVE-2014-7215.json index f4e65cfad82..e981fbd729d 100644 --- a/2014/7xxx/CVE-2014-7215.json +++ b/2014/7xxx/CVE-2014-7215.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7215", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7215", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7950.json b/2014/7xxx/CVE-2014-7950.json index 630d93adc92..538da43ad21 100644 --- a/2014/7xxx/CVE-2014-7950.json +++ b/2014/7xxx/CVE-2014-7950.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7950", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7950", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8983.json b/2014/8xxx/CVE-2014-8983.json index d1bfff83504..89ca45e54b2 100644 --- a/2014/8xxx/CVE-2014-8983.json +++ b/2014/8xxx/CVE-2014-8983.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8983", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8983", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2096.json b/2016/2xxx/CVE-2016-2096.json index d85a96d1f24..835f38a1374 100644 --- a/2016/2xxx/CVE-2016-2096.json +++ b/2016/2xxx/CVE-2016-2096.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2096", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2096", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2411.json b/2016/2xxx/CVE-2016-2411.json index d89a028559f..aeb1f6011e9 100644 --- a/2016/2xxx/CVE-2016-2411.json +++ b/2016/2xxx/CVE-2016-2411.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-04-02.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-04-02.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-04-02.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-04-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2629.json b/2016/2xxx/CVE-2016-2629.json index 18a47396dee..81804e6734b 100644 --- a/2016/2xxx/CVE-2016-2629.json +++ b/2016/2xxx/CVE-2016-2629.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2629", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2629", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2726.json b/2016/2xxx/CVE-2016-2726.json index 9f49feb117c..e5bb0fe5071 100644 --- a/2016/2xxx/CVE-2016-2726.json +++ b/2016/2xxx/CVE-2016-2726.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2726", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2726", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18194.json b/2017/18xxx/CVE-2017-18194.json index 61a0de2944b..4a3af51af33 100644 --- a/2017/18xxx/CVE-2017-18194.json +++ b/2017/18xxx/CVE-2017-18194.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in users/signup.php in the \"signup\" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the \"utype\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cxsecurity.com/issue/WLB-2017090094", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/issue/WLB-2017090094" - }, - { - "name" : "https://cxsecurity.com/issue/WLB-2018020267", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/issue/WLB-2018020267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in users/signup.php in the \"signup\" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the \"utype\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cxsecurity.com/issue/WLB-2017090094", + "refsource": "MISC", + "url": "https://cxsecurity.com/issue/WLB-2017090094" + }, + { + "name": "https://cxsecurity.com/issue/WLB-2018020267", + "refsource": "MISC", + "url": "https://cxsecurity.com/issue/WLB-2018020267" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18324.json b/2017/18xxx/CVE-2017-18324.json index 8ea3e3fd833..09e5c6d013f 100644 --- a/2017/18xxx/CVE-2017-18324.json +++ b/2017/18xxx/CVE-2017-18324.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SD 855, SDX24, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cryptographic key material leaked in debug messages - GERAN in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SD 855, SDX24, Snapdragon_High_Med_2016." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure in GERAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SD 855, SDX24, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "106128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cryptographic key material leaked in debug messages - GERAN in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SD 855, SDX24, Snapdragon_High_Med_2016." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure in GERAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "106128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106128" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1038.json b/2017/1xxx/CVE-2017-1038.json index 6bba0839a09..bb3fc57b43f 100644 --- a/2017/1xxx/CVE-2017-1038.json +++ b/2017/1xxx/CVE-2017-1038.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1038", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1038", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1191.json b/2017/1xxx/CVE-2017-1191.json index cbdaf608e32..819938848dc 100644 --- a/2017/1xxx/CVE-2017-1191.json +++ b/2017/1xxx/CVE-2017-1191.json @@ -1,116 +1,116 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-12-18T00:00:00", - "ID" : "CVE-2017-1191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "4.0" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-12-18T00:00:00", + "ID": "CVE-2017-1191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "4.0" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123661", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123661" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22011815", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22011815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22011815", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22011815" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123661", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123661" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1708.json b/2017/1xxx/CVE-2017-1708.json index 2f596024890..be3c5f3d7cc 100644 --- a/2017/1xxx/CVE-2017-1708.json +++ b/2017/1xxx/CVE-2017-1708.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1708", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1708", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5073.json b/2017/5xxx/CVE-2017-5073.json index 2d10e869dc3..9ef928d0bf5 100644 --- a/2017/5xxx/CVE-2017-5073.json +++ b/2017/5xxx/CVE-2017-5073.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/716474", - "refsource" : "MISC", - "url" : "https://crbug.com/716474" - }, - { - "name" : "GLSA-201706-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-20" - }, - { - "name" : "RHSA-2017:1399", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1399" - }, - { - "name" : "98861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98861" - }, - { - "name" : "1038622", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98861" + }, + { + "name": "RHSA-2017:1399", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1399" + }, + { + "name": "https://crbug.com/716474", + "refsource": "MISC", + "url": "https://crbug.com/716474" + }, + { + "name": "1038622", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038622" + }, + { + "name": "GLSA-201706-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-20" + }, + { + "name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5984.json b/2017/5xxx/CVE-2017-5984.json index e66925c16bd..1b02595a032 100644 --- a/2017/5xxx/CVE-2017-5984.json +++ b/2017/5xxx/CVE-2017-5984.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5984", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5984", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file