diff --git a/2006/0xxx/CVE-2006-0116.json b/2006/0xxx/CVE-2006-0116.json
index 9734c9507be..8d10fa0d7bd 100644
--- a/2006/0xxx/CVE-2006-0116.json
+++ b/2006/0xxx/CVE-2006-0116.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability search.inetstore in iNETstore Ebusiness Software 2.0 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/22/22251-inetstore.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/22/22251-inetstore.txt" - }, - { - "name" : "20060126 Re: [OSVDB Mods] iNETstore E Commerce Solution - Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/423137/100/0/threaded" - }, - { - "name" : "20060127 vendor confirms versions: iNETstore E Commerce Solution - Cross Site Scripting (fwd)", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-January/000515.html" - }, - { - "name" : "16156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16156" - }, - { - "name" : "ADV-2006-0075", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/0075" - }, - { - "name" : "22251", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22251" - }, - { - "name" : "18322", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability search.inetstore in iNETstore Ebusiness Software 2.0 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0075", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0075" + }, + { + "name": "http://osvdb.org/ref/22/22251-inetstore.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/22/22251-inetstore.txt" + }, + { + "name": "22251", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22251" + }, + { + "name": "20060126 Re: [OSVDB Mods] iNETstore E Commerce Solution - Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/423137/100/0/threaded" + }, + { + "name": "18322", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18322" + }, + { + "name": "16156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16156" + }, + { + "name": "20060127 vendor confirms versions: iNETstore E Commerce Solution - Cross Site Scripting (fwd)", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-January/000515.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0745.json b/2006/0xxx/CVE-2006-0745.json index b1563e59c51..a92628fd13a 100644 --- a/2006/0xxx/CVE-2006-0745.json +++ b/2006/0xxx/CVE-2006-0745.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-0745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060320 [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428183/100/0/threaded" - }, - { - "name" : "20060320 Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/428230/100/0/threaded" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm", - "refsource" : "CONFIRM", - "url" : 
"http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm" - }, - { - "name" : "FEDORA-2006-172", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html" - }, - { - "name" : "MDKSA-2006:056", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:056" - }, - { - "name" : "102252", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1" - }, - { - "name" : "SUSE-SA:2006:016", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html" - }, - { - "name" : "17169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17169" - }, - { - "name" : "ADV-2006-1017", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1017" - }, - { - "name" : "ADV-2006-1028", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1028" - }, - { - "name" : "24000", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24000" - }, - { - "name" : "24001", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24001" - }, - { - "name" : "oval:org.mitre.oval:def:1697", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697" - }, - { - "name" : "1015793", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015793" - }, - { - "name" : "19311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19311" - }, - { - "name" : "19256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19256" - }, - { - "name" : "19307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19307" - }, - { - "name" : "19316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19316" - }, - { - "name" : "19676", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19676" - }, - 
{ - "name" : "606", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/606" - }, - { - "name" : "xorg-geteuid-privilege-escalation(25341)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2006:056", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:056" + }, + { + "name": "20060320 Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/428230/100/0/threaded" + }, + { + "name": "xorg-geteuid-privilege-escalation(25341)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25341" + }, + { + "name": "FEDORA-2006-172", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm" + }, + { + "name": "20060320 [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/428183/100/0/threaded" + }, + { + "name": "1015793", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015793" + }, + { + "name": "19256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19256" + }, + { + "name": "102252", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1" + }, + { + "name": "24000", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24000" + }, + { + "name": "19676", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19676" + }, + { + "name": "19316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19316" + }, + { + "name": "24001", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24001" + }, + { + "name": "ADV-2006-1017", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1017" + }, + { + "name": "606", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/606" + }, + { + "name": "17169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17169" + }, + { + "name": "SUSE-SA:2006:016", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html" + }, + { + "name": "ADV-2006-1028", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1028" + }, + { + "name": "19307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19307" + }, + { + "name": "19311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19311" + }, + { + "name": "oval:org.mitre.oval:def:1697", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3008.json b/2006/3xxx/CVE-2006-3008.json index 37809065768..eafd2f6e1f7 100644 --- a/2006/3xxx/CVE-2006-3008.json +++ b/2006/3xxx/CVE-2006-3008.json 
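Review bot: The new `"ASSIGNER": "secalert@redhat.com"` line in `CVE_data_meta` for CVE-2006-0745 replaces `cve@mitre.org`, and it is the only value change in a hunk that otherwise just rewrites the `" : "` separators and reorders the same 21 `reference_data` entries. Anything downstream that attributes or filters records by assigner will see this record move to a different CNA, so the reassignment should be stated in the commit message or landed separately from the reformat, where it can be checked on its own. The new reference order does not appear to follow any visible key; a stable sort (for example by `refsource`, then `name`) would keep later diffs limited to real changes. The new side also ends with `\ No newline at end of file`, here and in the CVE-2006-0116, -3008, -3096, -3590, -3765, -4210 and -6794 hunks, whereas the old side had a trailing newline.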
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3008", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2904. Reason: This candidate is a duplicate of CVE-2006-2904. Notes: All CVE users should reference CVE-2006-2904 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-3008", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2904. Reason: This candidate is a duplicate of CVE-2006-2904. Notes: All CVE users should reference CVE-2006-2904 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3096.json b/2006/3xxx/CVE-2006-3096.json index 914db026b75..d5e76382ada 100644 --- a/2006/3xxx/CVE-2006-3096.json +++ b/2006/3xxx/CVE-2006-3096.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) forum parameter in messagepost.cfm and (2) topic parameter in topics.cfm. NOTE: this item was created based on information in a blog entry that was apparently removed after CVE analysis. As of 20060619, CVE is attempting to determine the cause of the removal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/ipostmx-2005-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/ipostmx-2005-vuln.html" - }, - { - "name" : "ipost-forum-sql-injection(27144)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in 
iPostMX 2005 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) forum parameter in messagepost.cfm and (2) topic parameter in topics.cfm. NOTE: this item was created based on information in a blog entry that was apparently removed after CVE analysis. As of 20060619, CVE is attempting to determine the cause of the removal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ipost-forum-sql-injection(27144)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27144" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/ipostmx-2005-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/ipostmx-2005-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3590.json b/2006/3xxx/CVE-2006-3590.json index adf941907b6..194729891f6 100644 --- a/2006/3xxx/CVE-2006-3590.json +++ b/2006/3xxx/CVE-2006-3590.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060714 Microsoft PowerPoint 0-day Vulnerability FAQ document written", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440137/100/0/threaded" - }, - { - "name" : "20060716 Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440255/100/0/threaded" - }, - { - "name" : "20060718 New PowerPoint Trojan installs itself as LSP", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440532/100/0/threaded" - }, - { - "name" : 
"http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html", - "refsource" : "MISC", - "url" : "http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html" - }, - { - "name" : "http://isc.sans.org/diary.php?storyid=1484", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.php?storyid=1484" - }, - { - "name" : "http://blogs.securiteam.com/?p=508", - "refsource" : "MISC", - "url" : "http://blogs.securiteam.com/?p=508" - }, - { - "name" : "MS06-048", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048" - }, - { - "name" : "TA06-220A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" - }, - { - "name" : "VU#936945", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/936945" - }, - { - "name" : "18957", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18957" - }, - { - "name" : "ADV-2006-2795", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2795" - }, - { - "name" : "27324", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27324" - }, - { - "name" : "oval:org.mitre.oval:def:399", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A399" - }, - { - "name" : "1016496", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016496" - }, - { - "name" : "21040", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21040" - }, - { - "name" : "powerpoint-mso-code-execution(27740)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27740" - }, - { - "name" : "powerpoint-mso-code-execution2(27781)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS06-048", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048" + }, + { + "name": "21040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21040" + }, + { + "name": "http://isc.sans.org/diary.php?storyid=1484", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.php?storyid=1484" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html", + "refsource": "MISC", + "url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html" + }, + { + "name": "http://blogs.securiteam.com/?p=508", + "refsource": "MISC", + "url": "http://blogs.securiteam.com/?p=508" + }, + { + "name": "20060718 New PowerPoint Trojan installs itself as LSP", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440532/100/0/threaded" + }, + { + "name": "20060716 Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440255/100/0/threaded" + }, + { + "name": "powerpoint-mso-code-execution2(27781)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781" + }, + { + "name": "20060714 Microsoft PowerPoint 0-day Vulnerability FAQ document written", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440137/100/0/threaded" + }, + { + "name": 
"TA06-220A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" + }, + { + "name": "ADV-2006-2795", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2795" + }, + { + "name": "1016496", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016496" + }, + { + "name": "VU#936945", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/936945" + }, + { + "name": "27324", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27324" + }, + { + "name": "powerpoint-mso-code-execution(27740)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27740" + }, + { + "name": "18957", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18957" + }, + { + "name": "oval:org.mitre.oval:def:399", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A399" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3765.json b/2006/3xxx/CVE-2006-3765.json index 0fdcab25c61..83f5e446b1b 100644 --- a/2006/3xxx/CVE-2006-3765.json +++ b/2006/3xxx/CVE-2006-3765.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher Webdesign hwdeGUEST 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the \"name input\" field in new_entry.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060718 hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440455/100/0/threaded" - }, - { - "name" : "19053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19053" - }, - { - "name" : "ADV-2006-2871", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2871" - }, - { - "name" : "1016549", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016549" - }, - { - "name" : "1258", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1258" - }, - { - "name" : "hwdeguest-newentry-xss(27805)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher Webdesign hwdeGUEST 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the \"name input\" field in new_entry.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016549", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016549" + }, + { + "name": "ADV-2006-2871", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2871" + }, + { + "name": "20060718 hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440455/100/0/threaded" + }, + { + "name": "19053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19053" + }, + { + "name": "1258", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1258" + }, + { + "name": "hwdeguest-newentry-xss(27805)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27805" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4210.json b/2006/4xxx/CVE-2006-4210.json index a4b71a28abd..a6942d4ac42 100644 --- a/2006/4xxx/CVE-2006-4210.json +++ b/2006/4xxx/CVE-2006-4210.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2181", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2181" - }, - { - "name" : "19517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19517" - }, - { - "name" : "21454", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21454" - }, - { - "name" : "phpay-numail-header-injection(28366)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28366" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2181", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2181" + }, + { + "name": "19517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19517" + }, + { + "name": "phpay-numail-header-injection(28366)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28366" + }, + { + "name": "21454", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21454" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6794.json b/2006/6xxx/CVE-2006-6794.json index 1d7a7f66039..6f8060599c1 100644 --- a/2006/6xxx/CVE-2006-6794.json +++ b/2006/6xxx/CVE-2006-6794.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the grup parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061222 Efkan Forum v1.0 SqL Inj. 
Vuln.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455205/100/0/threaded" - }, - { - "name" : "21726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21726" - }, - { - "name" : "ADV-2006-5150", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5150" - }, - { - "name" : "2066", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the grup parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21726" + }, + { + "name": "ADV-2006-5150", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5150" + }, + { + "name": "20061222 Efkan Forum v1.0 SqL Inj. Vuln.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455205/100/0/threaded" + }, + { + "name": "2066", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2066" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7177.json b/2006/7xxx/CVE-2006-7177.json index e4e858e6884..3d1d3d279b6 100644 --- a/2006/7xxx/CVE-2006-7177.json +++ b/2006/7xxx/CVE-2006-7177.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to \"packets coming from a 'malicious' WinXP system.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070423 FLEA-2007-0012-1: madwifi", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/466689/30/6900/threaded" - }, - { - "name" : "http://madwifi.org/ticket/880", - "refsource" : "MISC", - "url" : "http://madwifi.org/ticket/880" - }, - { - "name" : "MDKSA-2007:082", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:082" - }, - { - "name" : "SUSE-SR:2007:014", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_14_sr.html" - }, - { - "name" : "USN-479-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-479-1" - }, - { - "name" : "23433", 
- "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23433" - }, - { - "name" : "24841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24841" - }, - { - "name" : "25861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25861" - }, - { - "name" : "26083", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26083" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to \"packets coming from a 'malicious' WinXP system.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-479-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-479-1" + }, + { + "name": "MDKSA-2007:082", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:082" + }, + { + "name": "26083", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26083" + }, + { + "name": "SUSE-SR:2007:014", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html" + }, + { + "name": "24841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24841" + }, + { + "name": "20070423 FLEA-2007-0012-1: madwifi", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/466689/30/6900/threaded" + }, + { + "name": "23433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23433" + }, + { + "name": "25861", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25861" + }, + { + "name": "http://madwifi.org/ticket/880", + "refsource": "MISC", 
+ "url": "http://madwifi.org/ticket/880" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2342.json b/2010/2xxx/CVE-2010-2342.json index 799a437ec91..6f1f37985e2 100644 --- a/2010/2xxx/CVE-2010-2342.json +++ b/2010/2xxx/CVE-2010-2342.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady Online Notebook Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13793", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13793" - }, - { - "name" : "40692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady Online Notebook Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40692" + }, + { + "name": "13793", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13793" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2375.json b/2010/2xxx/CVE-2010-2375.json index 956f43e56d5..ef3bd18035f 100644 --- a/2010/2xxx/CVE-2010-2375.json +++ b/2010/2xxx/CVE-2010-2375.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect 
confidentiality and integrity, related to IIS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2406.json b/2010/2xxx/CVE-2010-2406.json index 79fdbf48629..ed0107f7665 100644 --- a/2010/2xxx/CVE-2010-2406.json +++ b/2010/2xxx/CVE-2010-2406.json 
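Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert_us@oracle.com`, and it is the only content change in this file; every other line is respacing. The same kind of change appears in the CVE-2010-2406 hunk (also `secalert_us@oracle.com`) and the CVE-2011-0676 hunk (`secure@microsoft.com`). The assigner is provenance data that downstream tooling may use to attribute or route a record, so the reassignment should be reviewable on its own: either in a separate commit from the formatting pass, or at least named in the commit description, which is not visible here. As it stands, a reader skimming the diff as "formatting only" will likely miss it.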
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality 
via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3211.json b/2010/3xxx/CVE-2010-3211.json index 045ccd3eccd..58c7a283a5e 100644 --- a/2010/3xxx/CVE-2010-3211.json +++ b/2010/3xxx/CVE-2010-3211.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14846", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14846" - }, - { - "name" : "41078", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41078" - }, - { - "name" : "jefaqprocom-index-sql-injection(61485)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! 
allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41078", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41078" + }, + { + "name": "jefaqprocom-index-sql-injection(61485)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61485" + }, + { + "name": "14846", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14846" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3764.json b/2010/3xxx/CVE-2010-3764.json index 33b98afa614..f0006542467 100644 --- a/2010/3xxx/CVE-2010-3764.json +++ b/2010/3xxx/CVE-2010-3764.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/3.2.8/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.2.8/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=419014", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=419014" - }, - { - "name" : "FEDORA-2010-17235", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html" - }, - { - "name" : "FEDORA-2010-17274", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html" - }, - { - "name" : "FEDORA-2010-17280", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html" - }, - { - "name" : "1024683", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024683" - }, - { - "name" : "42271", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42271" - }, - { - "name" : "ADV-2010-2878", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2878" - }, - { - "name" : "ADV-2010-2975", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2975" - }, - { - "name" : "bugzilla-graphs-info-disclosure(62969)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-17280", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html" + }, + { + "name": "bugzilla-graphs-info-disclosure(62969)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62969" + }, + { + "name": "ADV-2010-2878", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2878" + }, + { + "name": "http://www.bugzilla.org/security/3.2.8/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.2.8/" + }, + { + "name": "FEDORA-2010-17274", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html" + }, + { + "name": "1024683", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024683" + }, + { + "name": "FEDORA-2010-17235", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html" + }, + { + "name": "ADV-2010-2975", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2975" + }, + { + "name": "42271", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42271" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=419014", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=419014" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0676.json b/2011/0xxx/CVE-2011-0676.json index c4f86f6d956..aa414ee5d12 100644 --- a/2011/0xxx/CVE-2011-0676.json +++ b/2011/0xxx/CVE-2011-0676.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other \"Vulnerability Type 2\" CVEs listed in MS11-034, aka \"Win32k Null Pointer De-reference Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, - { - "name" : "MS11-034", - 
"refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47220", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47220" - }, - { - "name" : "oval:org.mitre.oval:def:12416", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12416" - }, - { - "name" : "oval:org.mitre.oval:def:12474", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12474" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - }, - { - "name" : "mswin-win32k-var11-priv-escalation(66405)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other \"Vulnerability Type 2\" CVEs listed in MS11-034, aka \"Win32k Null Pointer De-reference Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + 
"reference_data": [ + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "mswin-win32k-var11-priv-escalation(66405)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66405" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "oval:org.mitre.oval:def:12416", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12416" + }, + { + "name": "oval:org.mitre.oval:def:12474", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12474" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + }, + { + "name": "47220", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47220" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1035.json b/2011/1xxx/CVE-2011-1035.json index f72c3586758..c9d0a3db557 100644 --- a/2011/1xxx/CVE-2011-1035.json +++ b/2011/1xxx/CVE-2011-1035.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.pivotx.net/viewtopic.php?p=10639#p10639", - "refsource" : "MISC", - "url" : "http://forum.pivotx.net/viewtopic.php?p=10639#p10639" - }, - { - "name" : "http://blog.pivotx.net/2011-02-16/pivotx-225-released", - "refsource" : "CONFIRM", - "url" : "http://blog.pivotx.net/2011-02-16/pivotx-225-released" - }, - { - "name" : "http://forum.pivotx.net/viewtopic.php?f=2&t=1961", - "refsource" : "CONFIRM", - "url" : "http://forum.pivotx.net/viewtopic.php?f=2&t=1961" - }, - { - "name" : "http://forum.pivotx.net/viewtopic.php?f=2&t=1967", - "refsource" : "CONFIRM", - "url" : "http://forum.pivotx.net/viewtopic.php?f=2&t=1967" - }, - { - "name" : "VU#175068", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/175068" - }, - { - "name" : "46463", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/46463" - }, - { - "name" : "70935", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70935" - }, - { - "name" : "43417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43417" - }, - { - "name" : "ADV-2011-0445", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0445" - }, - { - "name" : "pivotx-resetpassword-security-bypass(65539)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forum.pivotx.net/viewtopic.php?f=2&t=1961", + "refsource": "CONFIRM", + "url": "http://forum.pivotx.net/viewtopic.php?f=2&t=1961" + }, + { + "name": "pivotx-resetpassword-security-bypass(65539)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65539" + }, + { + "name": "http://forum.pivotx.net/viewtopic.php?p=10639#p10639", + "refsource": "MISC", + "url": "http://forum.pivotx.net/viewtopic.php?p=10639#p10639" + }, + { + "name": "ADV-2011-0445", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0445" + }, + { + "name": "43417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43417" + }, + { + "name": "70935", + "refsource": "OSVDB", + "url": "http://osvdb.org/70935" + }, + { + "name": "46463", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46463" + }, + { + "name": "VU#175068", + "refsource": "CERT-VN", + "url": 
"http://www.kb.cert.org/vuls/id/175068" + }, + { + "name": "http://forum.pivotx.net/viewtopic.php?f=2&t=1967", + "refsource": "CONFIRM", + "url": "http://forum.pivotx.net/viewtopic.php?f=2&t=1967" + }, + { + "name": "http://blog.pivotx.net/2011-02-16/pivotx-225-released", + "refsource": "CONFIRM", + "url": "http://blog.pivotx.net/2011-02-16/pivotx-225-released" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1357.json b/2011/1xxx/CVE-2011-1357.json index a98801dfd56..0386e154ca3 100644 --- a/2011/1xxx/CVE-2011-1357.json +++ b/2011/1xxx/CVE-2011-1357.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IV01657", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IV01657" - }, - { - "name" : "websphere-wsrr-agentdetect-xss(69040)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote 
attackers to inject arbitrary web script or HTML via the User-Agent HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV01657", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IV01657" + }, + { + "name": "websphere-wsrr-agentdetect-xss(69040)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69040" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1458.json b/2011/1xxx/CVE-2011-1458.json index c673d7e4a18..c0b2e64d4c0 100644 --- a/2011/1xxx/CVE-2011-1458.json +++ b/2011/1xxx/CVE-2011-1458.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1458", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1458", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1528.json b/2011/1xxx/CVE-2011-1528.json index 18fa3c403af..8b38f081d5f 100644 --- a/2011/1xxx/CVE-2011-1528.json +++ b/2011/1xxx/CVE-2011-1528.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579" - }, - { - "name" : "MDVSA-2011:159", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:159" - }, - { - "name" : "MDVSA-2011:160", - "refsource" 
: "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:160" - }, - { - "name" : "RHSA-2011:1379", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1379.html" - }, - { - "name" : "openSUSE-SU-2011:1169", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html" - }, - { - "name" : "VU#659251", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/659251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:159", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:159" + }, + { + "name": "MDVSA-2011:160", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:160" + }, + { + "name": "openSUSE-SU-2011:1169", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579" + }, + { + "name": "VU#659251", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/659251" + }, + { + "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt" + }, + { + "name": "RHSA-2011:1379", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1379.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3332.json b/2014/3xxx/CVE-2014-3332.json index 2622c8f5068..db921e79f2d 100644 --- a/2014/3xxx/CVE-2014-3332.json +++ b/2014/3xxx/CVE-2014-3332.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35198", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35198" - }, - { - "name" : "20140806 Cisco Unified Communications Manager Concurrent Login Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332" - }, - { - "name" : "69068", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69068" - }, - { - "name" : "1030687", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030687" - }, - { - "name" : "cisco-ucm-cve20143332-sec-bypass(95136)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-ucm-cve20143332-sec-bypass(95136)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95136" + }, + { + "name": "20140806 Cisco Unified Communications Manager Concurrent Login Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332" + }, + { + "name": "69068", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69068" + }, + { + "name": "1030687", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030687" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35198", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35198" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3456.json b/2014/3xxx/CVE-2014-3456.json index 0e2130c8558..7a0534bebb0 100644 --- a/2014/3xxx/CVE-2014-3456.json +++ b/2014/3xxx/CVE-2014-3456.json 
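Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `psirt@cisco.com`, a provenance change that is easy to miss because every other line of the record differs only in the spacing before the colon. The same kind of reattribution appears in the CVE-2014-7262 hunk (`vultures@jpcert.or.jp`) and the CVE-2014-7925 hunk (`security@google.com`), while the other records visible here keep `cve@mitre.org`. Consumers that attribute or filter records by assigning CNA will see these entries move, so the reattribution would be better landed separately from the reformat, or at least called out in the commit message with a line such as `Update ASSIGNER to the owning CNA for CVE-2014-3332, CVE-2014-7262, CVE-2014-7925`. The `reference_data` entries here are also reordered with no change in content, which suggests the array order is not meaningful and should not be relied on downstream.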
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.gitlab.com/2014/02/27/gitlab-ee-6-6-2-security-release/", - "refsource" : "CONFIRM", - "url" : "https://www.gitlab.com/2014/02/27/gitlab-ee-6-6-2-security-release/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.gitlab.com/2014/02/27/gitlab-ee-6-6-2-security-release/", + "refsource": "CONFIRM", + "url": "https://www.gitlab.com/2014/02/27/gitlab-ee-6-6-2-security-release/" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3875.json b/2014/3xxx/CVE-2014-3875.json index 0a4839e206f..6bb0e56172e 100644 --- a/2014/3xxx/CVE-2014-3875.json +++ b/2014/3xxx/CVE-2014-3875.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3875", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3875", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6228.json b/2014/6xxx/CVE-2014-6228.json index 2461f715e85..9729c185e52 100644 --- a/2014/6xxx/CVE-2014-6228.json +++ b/2014/6xxx/CVE-2014-6228.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/facebook/hhvm/commit/1f91e076a585118495b976a413c1df40f6fd3d41", - "refsource" : "CONFIRM", - "url" : "https://github.com/facebook/hhvm/commit/1f91e076a585118495b976a413c1df40f6fd3d41" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have 
unspecified other impact via crafted arguments to the chunk_split function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/facebook/hhvm/commit/1f91e076a585118495b976a413c1df40f6fd3d41", + "refsource": "CONFIRM", + "url": "https://github.com/facebook/hhvm/commit/1f91e076a585118495b976a413c1df40f6fd3d41" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6393.json b/2014/6xxx/CVE-2014-6393.json index ca481e6e9e3..e24cdf0ba6d 100644 --- a/2014/6xxx/CVE-2014-6393.json +++ b/2014/6xxx/CVE-2014-6393.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1203190", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1203190" - }, - { - "name" : "https://nodesecurity.io/advisories/express-no-charset-in-content-type-header", - "refsource" : "CONFIRM", - "url" : "https://nodesecurity.io/advisories/express-no-charset-in-content-type-header" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP 
Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/express-no-charset-in-content-type-header", + "refsource": "CONFIRM", + "url": "https://nodesecurity.io/advisories/express-no-charset-in-content-type-header" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1203190", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203190" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6436.json b/2014/6xxx/CVE-2014-6436.json index 4ac5bf96f02..b108531496d 100644 --- a/2014/6xxx/CVE-2014-6436.json +++ b/2014/6xxx/CVE-2014-6436.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140919 Re: Multiple Vulnerabilities with Aztech Modem Routers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533489/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html" - }, - { - "name" : "69811", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69811", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69811" + }, + { + "name": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html" + }, + { + "name": "20140919 Re: Multiple Vulnerabilities with Aztech Modem Routers", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533489/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7262.json b/2014/7xxx/CVE-2014-7262.json index addb2a5d559..a42ed5c4089 100644 --- a/2014/7xxx/CVE-2014-7262.json +++ b/2014/7xxx/CVE-2014-7262.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Omake BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-7262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN98097877/360573/index.html", - "refsource" : "MISC", - "url" : "http://jvn.jp/en/jp/JVN98097877/360573/index.html" - }, - { - "name" : "JVN#98097877", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN98097877/index.html" - }, - { - "name" : "JVNDB-2014-000145", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Omake BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://jvn.jp/en/jp/JVN98097877/360573/index.html", + "refsource": "MISC", + "url": "http://jvn.jp/en/jp/JVN98097877/360573/index.html" + }, + { + "name": "JVNDB-2014-000145", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000145" + }, + { + "name": "JVN#98097877", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN98097877/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7658.json b/2014/7xxx/CVE-2014-7658.json index 7c05d10b547..ad841f31578 100644 --- a/2014/7xxx/CVE-2014-7658.json +++ b/2014/7xxx/CVE-2014-7658.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7658", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7658", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7925.json b/2014/7xxx/CVE-2014-7925.json index 8d0d2e0d196..514ffa07607 100644 --- a/2014/7xxx/CVE-2014-7925.json +++ b/2014/7xxx/CVE-2014-7925.json 
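Review bot: The CVE-2014-7658 record is serialised with a different key order from every other file visible in this diff: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and inside it `ID` precedes `ASSIGNER`, whereas the sibling records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but mixing two orders in one repository makes later diffs noisy and can hide a real change such as a `STATE` transition. Emitting this file in the same order as the others, starting `"CVE_data_meta": {` then `"ASSIGNER": "cve@mitre.org",`, would keep the change to spacing only. The new side of every file visible here also ends with `\ No newline at end of file`; terminating the final `}` with a newline would keep that marker out of future diffs.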
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improperly maintained." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=434136", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=434136" - }, - { - "name" : "https://codereview.chromium.org/802593004", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/802593004" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=186482&view=revision", - "refsource" 
: "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=186482&view=revision" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=186914&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=186914&view=revision" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - }, - { - "name" : "RHSA-2015:0093", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html" - }, - { - "name" : "openSUSE-SU-2015:0441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" - }, - { - "name" : "USN-2476-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2476-1" - }, - { - "name" : "72288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72288" - }, - { - "name" : "1031623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031623" - }, - { - "name" : "62575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62575" - }, - { - "name" : "62383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62383" - }, - { - "name" : "62665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improperly maintained." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62665" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=434136", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=434136" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "62575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62575" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=186914&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=186914&view=revision" + }, + { + "name": "USN-2476-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2476-1" + }, + { + "name": "72288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72288" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "https://codereview.chromium.org/802593004", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/802593004" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=186482&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=186482&view=revision" + }, + { + "name": "1031623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031623" + }, + { + "name": "openSUSE-SU-2015:0441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" + }, + { + "name": "RHSA-2015:0093", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html" + }, 
+ { + "name": "62383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62383" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7954.json b/2014/7xxx/CVE-2014-7954.json index 6cec8ec8034..67633e22f60 100644 --- a/2014/7xxx/CVE-2014-7954.json +++ b/2014/7xxx/CVE-2014-7954.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150417 CVE-2014-7954 MTP path traversal vulnerability in Android", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/535294/100/1100/threaded" - }, - { - "name" : "20150417 CVE-2014-7954 MTP path traversal vulnerability in Android", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Apr/50" - }, - { - "name" : "http://packetstormsecurity.com/files/131509/Android-4.4-MTP-Path-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/131509/Android-4.4-MTP-Path-Traversal.html" - }, - { - "name" : "74210", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/74210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150417 CVE-2014-7954 MTP path traversal vulnerability in Android", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Apr/50" + }, + { + "name": "http://packetstormsecurity.com/files/131509/Android-4.4-MTP-Path-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/131509/Android-4.4-MTP-Path-Traversal.html" + }, + { + "name": "74210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74210" + }, + { + "name": "20150417 CVE-2014-7954 MTP path traversal vulnerability in Android", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/535294/100/1100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7963.json b/2014/7xxx/CVE-2014-7963.json index 8a5b6a7f3c7..d3a56995cb8 100644 --- a/2014/7xxx/CVE-2014-7963.json +++ b/2014/7xxx/CVE-2014-7963.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7963", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7963", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8054.json b/2014/8xxx/CVE-2014-8054.json index 33ff0845ffb..28812ac7834 100644 --- a/2014/8xxx/CVE-2014-8054.json +++ b/2014/8xxx/CVE-2014-8054.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8054", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8054", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8724.json b/2014/8xxx/CVE-2014-8724.json index e5f7b407ae2..686bd120b30 100644 --- a/2014/8xxx/CVE-2014-8724.json +++ b/2014/8xxx/CVE-2014-8724.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the \"Cache key\" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141217 secuvera-SA-2014-01: Reflected XSS in W3 Total Cache", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534266/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/129626/W3-Total-Cache-0.9.4-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129626/W3-Total-Cache-0.9.4-Cross-Site-Scripting.html" - }, - { - "name" : "https://www.secuvera.de/advisories/secuvera-SA-2014-01.txt", - "refsource" : "MISC", - "url" : "https://www.secuvera.de/advisories/secuvera-SA-2014-01.txt" - }, - { - "name" : 
"https://wordpress.org/plugins/w3-total-cache/changelog/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/w3-total-cache/changelog/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the \"Cache key\" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/w3-total-cache/changelog/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/w3-total-cache/changelog/" + }, + { + "name": "https://www.secuvera.de/advisories/secuvera-SA-2014-01.txt", + "refsource": "MISC", + "url": "https://www.secuvera.de/advisories/secuvera-SA-2014-01.txt" + }, + { + "name": "http://packetstormsecurity.com/files/129626/W3-Total-Cache-0.9.4-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129626/W3-Total-Cache-0.9.4-Cross-Site-Scripting.html" + }, + { + "name": "20141217 secuvera-SA-2014-01: Reflected XSS in W3 Total Cache", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534266/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2191.json b/2016/2xxx/CVE-2016-2191.json index 53f2b6f64c7..6c060d83e78 100644 --- a/2016/2xxx/CVE-2016-2191.json +++ b/2016/2xxx/CVE-2016-2191.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160404 CVE-2016-2191: optipng: invalid write", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537972/100/0/threaded" - }, - { - "name" : "20160404 CVE-2016-2191: optipng: invalid write", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/Apr/15" - }, - { - "name" : "[oss-security] 20160404 CVE-2016-2191: optipng: invalid write", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/04/04/2" - }, - { - "name" : "http://packetstormsecurity.com/files/136553/Optipng-Invalid-Write.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136553/Optipng-Invalid-Write.html" - }, - { - 
"name" : "https://sourceforge.net/p/optipng/bugs/59/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/optipng/bugs/59/" - }, - { - "name" : "DSA-3546", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3546" - }, - { - "name" : "GLSA-201608-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201608-01" - }, - { - "name" : "openSUSE-SU-2016:1078", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html" - }, - { - "name" : "openSUSE-SU-2016:1082", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html" - }, - { - "name" : "USN-2951-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2951-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/optipng/bugs/59/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/optipng/bugs/59/" + }, + { + "name": "[oss-security] 20160404 CVE-2016-2191: optipng: invalid write", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/04/04/2" + }, + { + "name": "openSUSE-SU-2016:1082", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html" + }, + { + "name": "DSA-3546", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3546" + }, + { + "name": "USN-2951-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2951-1" + }, + { + "name": "openSUSE-SU-2016:1078", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html" + }, + { + "name": "20160404 CVE-2016-2191: optipng: invalid write", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537972/100/0/threaded" + }, + { + "name": "20160404 CVE-2016-2191: optipng: invalid write", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/Apr/15" + }, + { + "name": "GLSA-201608-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201608-01" + }, + { + "name": "http://packetstormsecurity.com/files/136553/Optipng-Invalid-Write.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136553/Optipng-Invalid-Write.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2286.json b/2016/2xxx/CVE-2016-2286.json index 822bf97faac..744d87aa4df 100644 --- a/2016/2xxx/CVE-2016-2286.json +++ b/2016/2xxx/CVE-2016-2286.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-2286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160503 Moxa MiiNePort - Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2016/May/7" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moxa MiiNePort_E1_4641 
devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20160503 Moxa MiiNePort - Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2016/May/7" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2729.json b/2016/2xxx/CVE-2016-2729.json index 3fd841047ae..3c5c4be3936 100644 --- a/2016/2xxx/CVE-2016-2729.json +++ b/2016/2xxx/CVE-2016-2729.json 
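Review bot: The `affects` block on the new side of CVE-2016-2286 still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description names five Moxa MiiNePort models with exact firmware builds. Tooling that matches inventory against the structured fields will therefore not flag this blank-default-password issue. Since the commit already corrects `ASSIGNER`, it could also fill these in from the description, for example `"vendor_name": "Moxa"`, `"product_name": "MiiNePort_E1_4641"`, `"version_value": "1.1.10 Build 09120714"`, with one `product_data` entry per model. The CVE-2016-6468 record has a related gap: `vendor_name` is `n/a` and `version_value` repeats the product name instead of the release 11.5(1.10000.4) given in its description.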
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2729", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2729", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6468.json b/2016/6xxx/CVE-2016-6468.json index d17ba86a920..59d6d92d9cb 100644 --- a/2016/6xxx/CVE-2016-6468.json +++ b/2016/6xxx/CVE-2016-6468.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Emergency Responder", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Emergency Responder" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known Affected Releases: 11.5(1.10000.4). Known Fixed Releases: 12.0(0.98000.14)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Emergency Responder", + "version": { + "version_data": [ + { + "version_value": "Cisco Emergency Responder" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer" - }, - { - "name" : "94786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94786" - }, - { - "name" : "1037428", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037428" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known Affected Releases: 11.5(1.10000.4). Known Fixed Releases: 12.0(0.98000.14)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer" + }, + { + "name": "94786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94786" + }, + { + "name": "1037428", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037428" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6633.json b/2016/6xxx/CVE-2016-6633.json index 07df7acdf94..acfc2f130dc 100644 --- a/2016/6xxx/CVE-2016-6633.json +++ b/2016/6xxx/CVE-2016-6633.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2016-56", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2016-56" - }, - { - "name" : "GLSA-201701-32", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-32" - }, - { - "name" : "92500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in phpMyAdmin. 
phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "92500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92500" + }, + { + "name": "https://www.phpmyadmin.net/security/PMASA-2016-56", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2016-56" + }, + { + "name": "GLSA-201701-32", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-32" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18017.json b/2017/18xxx/CVE-2017-18017.json index 0c0d2263e33..2e2801aac1b 100644 --- a/2017/18xxx/CVE-2017-18017.json +++ b/2017/18xxx/CVE-2017-18017.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901" - }, - { - "name" : "http://patchwork.ozlabs.org/patch/746618/", - "refsource" : "MISC", - "url" : 
"http://patchwork.ozlabs.org/patch/746618/" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765" - }, - { - "name" : "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901" - }, - { - "name" : "https://lkml.org/lkml/2017/4/2/13", - "refsource" : "MISC", - "url" : "https://lkml.org/lkml/2017/4/2/13" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36", - "refsource" : "MISC", - "url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" - }, - { - "name" : "DSA-4187", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4187" - }, - { - "name" : "RHSA-2018:0676", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0676" - }, - { - "name" : "RHSA-2018:1062", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1062" - }, - { - "name" : "RHSA-2018:1130", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1130" - }, - { - "name" : "RHSA-2018:1170", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1170" - }, - { - "name" : "RHSA-2018:1319", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1319" - }, - { - "name" : "RHSA-2018:1737", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1737" - }, - { - "name" : "USN-3583-1", - "refsource" : "UBUNTU", - "url" : 
"https://usn.ubuntu.com/3583-1/" - }, - { - "name" : "USN-3583-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3583-2/" - }, - { - "name" : "102367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4187", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4187" + }, + { + "name": "USN-3583-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3583-2/" + }, + { + "name": "http://patchwork.ozlabs.org/patch/746618/", + "refsource": "MISC", + "url": "http://patchwork.ozlabs.org/patch/746618/" + }, + { + "name": "RHSA-2018:1737", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1737" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36", + "refsource": "MISC", + "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36" + }, + { + "name": "https://lkml.org/lkml/2017/4/2/13", + "refsource": "MISC", + "url": "https://lkml.org/lkml/2017/4/2/13" + }, + { + "name": "RHSA-2018:1062", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1062" + }, + { + "name": "RHSA-2018:1319", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1319" + }, + { + "name": 
"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" + }, + { + "name": "USN-3583-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3583-1/" + }, + { + "name": "RHSA-2018:0676", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0676" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765" + }, + { + "name": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901" + }, + { + "name": "RHSA-2018:1170", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1170" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901" + }, + { + "name": "RHSA-2018:1130", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1130" + }, + { + "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" + }, + { + "name": "102367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102367" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18101.json b/2017/18xxx/CVE-2017-18101.json index 08a49416288..b663cf3f2ab 100644 --- a/2017/18xxx/CVE-2017-18101.json +++ b/2017/18xxx/CVE-2017-18101.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-04-10T00:00:00", - "ID" : "CVE-2017-18101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jira", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "7.6.5" - }, - { - "version_affected" : ">=", - "version_value" : "7.7.0" - }, - { - "version_affected" : "<", - "version_value" : "7.7.3" - }, - { - "version_affected" : ">=", - "version_value" : "7.8.0" - }, - { - "version_affected" : "<", - "version_value" : "7.8.3" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control (CWE-284)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-04-10T00:00:00", + "ID": "CVE-2017-18101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.6.5" + }, + { + "version_affected": ">=", + "version_value": "7.7.0" + }, + { + "version_affected": "<", + "version_value": "7.7.3" + }, + { + "version_affected": ">=", + "version_value": "7.8.0" + }, + { + "version_affected": "<", + "version_value": "7.8.3" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/JRASERVER-67107", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/JRASERVER-67107" - }, - { - "name" : "103730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103730" + }, + { + "name": "https://jira.atlassian.com/browse/JRASERVER-67107", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/JRASERVER-67107" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1289.json b/2017/1xxx/CVE-2017-1289.json index 48075b44287..7d69dceb180 100644 --- a/2017/1xxx/CVE-2017-1289.json +++ b/2017/1xxx/CVE-2017-1289.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Runtimes for Java Technology", - "version" : { - "version_data" : [ - { - "version_value" : "6.0, 6.1, 7.0, 7.1, 8.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Runtimes for Java Technology", + "version": { + "version_data": [ + { + "version_value": "6.0, 6.1, 7.0, 7.1, 8.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg22002169", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg22002169" - }, - { - "name" : "RHSA-2017:3453", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3453" - }, - { - "name" : "RHSA-2017:1220", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1220" - }, - { - "name" : "RHSA-2017:1221", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1221" - }, - { - 
"name" : "RHSA-2017:1222", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1222" - }, - { - "name" : "98401", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1221", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1221" + }, + { + "name": "RHSA-2017:1220", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1220" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg22002169", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg22002169" + }, + { + "name": "RHSA-2017:1222", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1222" + }, + { + "name": "98401", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98401" + }, + { + "name": "RHSA-2017:3453", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3453" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1307.json b/2017/1xxx/CVE-2017-1307.json index df8d34bca8d..7707b328624 100644 --- a/2017/1xxx/CVE-2017-1307.json +++ b/2017/1xxx/CVE-2017-1307.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1307", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1307", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5544.json b/2017/5xxx/CVE-2017-5544.json index 07378b7e1c2..7024d550f45 100644 --- a/2017/5xxx/CVE-2017-5544.json +++ b/2017/5xxx/CVE-2017-5544.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nfcwar.com", - "refsource" : "MISC", - "url" : "http://www.nfcwar.com" - }, - { - "name" : "95708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on FiberHome Fengine S5800 switches V210R240. 
An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nfcwar.com", + "refsource": "MISC", + "url": "http://www.nfcwar.com" + }, + { + "name": "95708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95708" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5609.json b/2017/5xxx/CVE-2017-5609.json index a281d777150..72a8fdbc378 100644 --- a/2017/5xxx/CVE-2017-5609.json +++ b/2017/5xxx/CVE-2017-5609.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/s9y/Serendipity/commit/c62d667287f2d76c81e03a740a581eb3c51249b6", - "refsource" : "CONFIRM", - "url" : "https://github.com/s9y/Serendipity/commit/c62d667287f2d76c81e03a740a581eb3c51249b6" - }, - { - "name" : "https://github.com/s9y/Serendipity/releases/tag/2.1-rc1", - "refsource" : "CONFIRM", - "url" : "https://github.com/s9y/Serendipity/releases/tag/2.1-rc1" - }, - { - "name" : "95850", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows 
remote authenticated users to execute arbitrary SQL commands via the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95850", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95850" + }, + { + "name": "https://github.com/s9y/Serendipity/releases/tag/2.1-rc1", + "refsource": "CONFIRM", + "url": "https://github.com/s9y/Serendipity/releases/tag/2.1-rc1" + }, + { + "name": "https://github.com/s9y/Serendipity/commit/c62d667287f2d76c81e03a740a581eb3c51249b6", + "refsource": "CONFIRM", + "url": "https://github.com/s9y/Serendipity/commit/c62d667287f2d76c81e03a740a581eb3c51249b6" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5789.json b/2017/5xxx/CVE-2017-5789.json index 10814d7f425..1ee52dd3f10 100644 --- a/2017/5xxx/CVE-2017-5789.json +++ b/2017/5xxx/CVE-2017-5789.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2017-5789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE LoadRunner and Performance Center", - "version" : { - "version_data" : [ - { - "version_value" : "HPE LoadRunner and Performance Center" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2017-5789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE LoadRunner and Performance Center", + "version": { + "version_data": [ + { + "version_value": "HPE LoadRunner and Performance Center" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-160/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-160/" - }, - { - "name" : "https://www.tenable.com/security/research/tra-2017-13", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2017-13" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03712en_us", - "refsource" : "CONFIRM", - "url" : 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03712en_us" - }, - { - "name" : "101224", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101224" - }, - { - "name" : "96774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96774" - }, - { - "name" : "1038028", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038028" - }, - { - "name" : "1038029", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101224", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101224" + }, + { + "name": "https://www.tenable.com/security/research/tra-2017-13", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2017-13" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-160/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-160/" + }, + { + "name": "1038029", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038029" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03712en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03712en_us" + }, + { + "name": "96774", + "refsource": "BID", + 
"url": "http://www.securityfocus.com/bid/96774" + }, + { + "name": "1038028", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038028" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5871.json b/2017/5xxx/CVE-2017-5871.json index 1f71e2569cd..a2348fb9cb9 100644 --- a/2017/5xxx/CVE-2017-5871.json +++ b/2017/5xxx/CVE-2017-5871.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5871", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5871", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file