diff --git a/2006/3xxx/CVE-2006-3227.json b/2006/3xxx/CVE-2006-3227.json
index ff8c01e3a44..87dcfea99d9 100644
--- a/2006/3xxx/CVE-2006-3227.json
+++ b/2006/3xxx/CVE-2006-3227.json
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060621 Bypassing of web filters by using ASCII", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437948/100/0/threaded" - }, - { - "name" : "20060621 Re: Bypassing of web filters by using ASCII", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438049/100/0/threaded" - }, - { - "name" : "20060621 Re: Bypassing of web filters by using ASCII", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438051/100/0/threaded" - }, - { - "name" : "20060622 Re: Bypassing of web filters by using ASCII", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438066/100/0/threaded" - }, - { - "name" : "20060623 RE: Bypassing of web filters by using ASCII", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438154/100/0/threaded" - }, - { - "name" : "20060623 Re: Bypassing of web filters by using ASCII", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438163/100/0/threaded" - }, - { - "name" : "20060626 RE: Bypassing of web filters by using ASCII", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438359/100/0/threaded" - }, - { - "name" : "20060626 Re: Bypassing of web filters by using ASCII", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438358/100/0/threaded" - }, - { - "name" : "http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2", - 
"refsource" : "MISC", - "url" : "http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2" - }, - { - "name" : "http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters/", - "refsource" : "MISC", - "url" : "http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters/" - }, - { - "name" : "28376", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28376" - }, - { - "name" : "ie-ascii-encoded-web-filter-bypass(27288)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060621 Re: Bypassing of web filters by using ASCII", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438051/100/0/threaded" + }, + { + "name": "ie-ascii-encoded-web-filter-bypass(27288)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27288" + }, + { + "name": "20060623 Re: Bypassing of web filters by using ASCII", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438163/100/0/threaded" + }, + { + "name": "20060626 Re: Bypassing of web filters by using ASCII", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438358/100/0/threaded" + }, + { + "name": "20060622 Re: Bypassing of web filters by using ASCII", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438066/100/0/threaded" + }, + { + "name": "20060621 Bypassing of web filters by using ASCII", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437948/100/0/threaded" + }, + { + "name": "http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2", + "refsource": "MISC", + "url": "http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2" + }, + { + "name": "20060621 Re: Bypassing of web filters by using ASCII", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438049/100/0/threaded" + }, + { + "name": "http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters/", + "refsource": "MISC", + "url": "http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters/" + }, + { + "name": "20060623 RE: Bypassing of web filters by using ASCII", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438154/100/0/threaded" + }, + { + "name": "20060626 RE: Bypassing of web filters by using ASCII", + "refsource": "BUGTRAQ", + 
"url": "http://www.securityfocus.com/archive/1/438359/100/0/threaded" + }, + { + "name": "28376", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28376" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3675.json b/2006/3xxx/CVE-2006-3675.json index d47e9af9861..ef649fe1a9a 100644 --- a/2006/3xxx/CVE-2006-3675.json +++ b/2006/3xxx/CVE-2006-3675.json 
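Review bot: The `reference_data` array is reordered in the same hunk that rewrites every line for the `"key" :` to `"key":` spacing change, so the diff cannot show whether a reference was added, dropped or altered. Comparing the two sides by hand gives the same 12 entries for CVE-2006-3227, and the other CVE-2006-* hunks on this page have the same problem. Writing references in a stable order, or separating whitespace normalization from content changes, would keep these advisory records auditable. The new side also ends with `\ No newline at end of file`; keeping the trailing newline avoids another whole-file rewrite later.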
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060721 SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441040/100/0/threaded" - }, - { - "name" : "http://www.symantec.com/enterprise/research/SYMSA-2006-008.txt", - "refsource" : "MISC", - "url" : "http://www.symantec.com/enterprise/research/SYMSA-2006-008.txt" - }, - { - "name" : "19078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19078" - }, - { - "name" : "1016565", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016565" - }, - { - "name" : "1308", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/1308" - }, - { - "name" : "passwordsafe-lock-weak-security(27933)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19078" + }, + { + "name": "1016565", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016565" + }, + { + "name": "1308", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1308" + }, + { + "name": "http://www.symantec.com/enterprise/research/SYMSA-2006-008.txt", + "refsource": "MISC", + "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-008.txt" + }, + { + "name": "passwordsafe-lock-weak-security(27933)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27933" + }, + { + "name": "20060721 SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441040/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3758.json b/2006/3xxx/CVE-2006-3758.json index cf9c2676e05..7c506fddbbb 100644 --- a/2006/3xxx/CVE-2006-3758.json +++ b/2006/3xxx/CVE-2006-3758.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html", - "refsource" : "MISC", - "url" : "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html" - }, - { - "name" : "http://community.mybboard.net/showthread.php?tid=10115", - "refsource" : "CONFIRM", - "url" : "http://community.mybboard.net/showthread.php?tid=10115" - }, - { - "name" : "http://www.mybboard.com/archive.php?nid=15", - "refsource" : "CONFIRM", - "url" : "http://www.mybboard.com/archive.php?nid=15" - }, - { - "name" : "26809", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26809" - }, - { - "name" : "20873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20873" - }, - { - "name" : "mybb-index-sql-injection(27445)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://community.mybboard.net/showthread.php?tid=10115", + "refsource": "CONFIRM", + "url": "http://community.mybboard.net/showthread.php?tid=10115" + }, + { + "name": "http://www.mybboard.com/archive.php?nid=15", + "refsource": "CONFIRM", + "url": "http://www.mybboard.com/archive.php?nid=15" + }, + { + "name": "mybb-index-sql-injection(27445)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27445" + }, + { + "name": "26809", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26809" + }, + { + "name": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html", + "refsource": "MISC", + "url": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html" + }, + { + "name": "20873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20873" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/3xxx/CVE-2006-3894.json b/2006/3xxx/CVE-2006-3894.json
index 97e9b278048..42832e61987 100644
--- a/2006/3xxx/CVE-2006-3894.json
+++ b/2006/3xxx/CVE-2006-3894.json
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2006-3894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/cert/JVNVU%23754281/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/cert/JVNVU%23754281/index.html" - }, - { - "name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/97/3590033_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/97/3590033_f.SAL_Public.html" - }, - { - "name" : "20070522 Vulnerability In Crypto Library", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c5d.shtml" - }, - { - "name" : "VU#754281", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/754281" - }, - { - "name" : "24104", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/24104" - }, - { - "name" : "35338", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35338" - }, - { - "name" : "oval:org.mitre.oval:def:5778", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5778" - }, - { - "name" : "ADV-2007-1908", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1908" - }, - { - "name" : "ADV-2007-1909", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1909" - }, - { - "name" : "ADV-2007-1945", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1945" - }, - { - "name" : "1018095", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018095" - }, - { - "name" : "25364", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25364" - }, - { - "name" : "25399", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25399" - }, - { - "name" : "25343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25343" - }, - { - "name" : "multiple-crypto-asn1-dos(34430)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://jvn.jp/cert/JVNVU%23754281/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/cert/JVNVU%23754281/index.html" + }, + { + "name": "25364", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25364" + }, + { + "name": "ADV-2007-1945", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1945" + }, + { + "name": "25343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25343" + }, + { + "name": "oval:org.mitre.oval:def:5778", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5778" + }, + { + "name": "ADV-2007-1909", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1909" + }, + { + "name": "20070522 Vulnerability In Crypto Library", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c5d.shtml" + }, + { + "name": "24104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24104" + }, + { + "name": "VU#754281", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/754281" + }, + { + "name": "ADV-2007-1908", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1908" + }, + { + "name": "25399", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25399" + }, + { + "name": "1018095", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018095" + }, + { + "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/97/3590033_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/97/3590033_f.SAL_Public.html" + }, + { + "name": "35338", + "refsource": "OSVDB", + "url": "http://osvdb.org/35338" + }, + { + 
"name": "multiple-crypto-asn1-dos(34430)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34430" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4184.json b/2006/4xxx/CVE-2006-4184.json index f1b251192c7..a40c2d505d6 100644 --- a/2006/4xxx/CVE-2006-4184.json +++ b/2006/4xxx/CVE-2006-4184.json 
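Review bot: `ASSIGNER` in `CVE_data_meta` changes from `cve@mitre.org` to `cert@cert.org` for CVE-2006-3894, and it is the only value change visible on this page, sitting inside what otherwise reads as a whitespace and ordering rewrite. The assigner is provenance metadata that downstream consumers may rely on when attributing or filtering records, so this edit belongs in its own commit with a message explaining the reassignment. The description and the 15 references appear unchanged apart from their order.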
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SmartLine DeviceLock before 5.73 Build 305 does not properly enforce access control lists (ACL) in raw mode, which allows local users to bypass NTFS controls and obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060813 Local privilege Escalation in SmartLine DeviceLock 5.73", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443193/100/0/threaded" - }, - { - "name" : "http://www.protect-me.com/dl/whatsnew.html", - "refsource" : "CONFIRM", - "url" : "http://www.protect-me.com/dl/whatsnew.html" - }, - { - "name" : "19500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19500" - }, - { - "name" : "21494", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21494" - }, - { - "name" : "1392", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1392" - }, - { - "name" : "devicelock-acl-security-bypass(28384)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/28384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SmartLine DeviceLock before 5.73 Build 305 does not properly enforce access control lists (ACL) in raw mode, which allows local users to bypass NTFS controls and obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060813 Local privilege Escalation in SmartLine DeviceLock 5.73", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443193/100/0/threaded" + }, + { + "name": "devicelock-acl-security-bypass(28384)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28384" + }, + { + "name": "1392", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1392" + }, + { + "name": "http://www.protect-me.com/dl/whatsnew.html", + "refsource": "CONFIRM", + "url": "http://www.protect-me.com/dl/whatsnew.html" + }, + { + "name": "21494", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21494" + }, + { + "name": "19500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19500" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4656.json b/2006/4xxx/CVE-2006-4656.json index 4c27ece72f2..4e0c7245c73 100644 --- a/2006/4xxx/CVE-2006-4656.json +++ b/2006/4xxx/CVE-2006-4656.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060907 SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445520/100/0/threaded" - }, - { - "name" : "2317", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2317" - }, - { - "name" : "http://spaw.cvs.sourceforge.net/spaw/spaw/docs/ChangeLog.txt?view=markup", - "refsource" : "CONFIRM", - "url" : "http://spaw.cvs.sourceforge.net/spaw/spaw/docs/ChangeLog.txt?view=markup" - }, - { - "name" : "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20", - 
"refsource" : "MISC", - "url" : "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20" - }, - { - "name" : "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.25&r2=1.26", - "refsource" : "MISC", - "url" : "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.25&r2=1.26" - }, - { - "name" : "19892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19892" - }, - { - "name" : "1016814", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016814" - }, - { - "name" : "1522", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1522" - }, - { - "name" : "slsite-spaw-file-include(28783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2317", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2317" + }, + { + "name": "slsite-spaw-file-include(28783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28783" + }, + { + "name": "20060907 SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445520/100/0/threaded" + }, + { + "name": "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20", + "refsource": "MISC", + "url": "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.19&r2=1.20" + }, + { + "name": "1522", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1522" + }, + { + "name": "19892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19892" + }, + { + "name": "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.25&r2=1.26", + "refsource": "MISC", + "url": "http://spaw.cvs.sourceforge.net/spaw/spaw/spaw_control.class.php?r1=1.25&r2=1.26" + }, + { + "name": "http://spaw.cvs.sourceforge.net/spaw/spaw/docs/ChangeLog.txt?view=markup", + "refsource": "CONFIRM", + "url": "http://spaw.cvs.sourceforge.net/spaw/spaw/docs/ChangeLog.txt?view=markup" + }, + { + "name": "1016814", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016814" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6584.json b/2006/6xxx/CVE-2006-6584.json index 891d465bb3b..69d8352ac46 100644 --- a/2006/6xxx/CVE-2006-6584.json +++ b/2006/6xxx/CVE-2006-6584.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://italk.sourceforge.net/italk-sa-1.txt", - "refsource" : "CONFIRM", - "url" : "http://italk.sourceforge.net/italk-sa-1.txt" - }, - { - "name" : "ADV-2006-5014", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5014" - }, - { - "name" : "23374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23374" - }, - { - "name" : "italkplus-unspecifiedbo(30900)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in italkplus (Italk+) before 
0.92.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://italk.sourceforge.net/italk-sa-1.txt", + "refsource": "CONFIRM", + "url": "http://italk.sourceforge.net/italk-sa-1.txt" + }, + { + "name": "italkplus-unspecifiedbo(30900)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30900" + }, + { + "name": "23374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23374" + }, + { + "name": "ADV-2006-5014", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5014" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6723.json b/2006/6xxx/CVE-2006-6723.json index 66680ac4ecc..c5cb075be3d 100644 --- a/2006/6xxx/CVE-2006-6723.json +++ b/2006/6xxx/CVE-2006-6723.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3013", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3013" - }, - { - "name" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116", - "refsource" : "MISC", - "url" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116" - }, - { - "name" : "ADV-2006-5142", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5142" - }, - { - "name" : "1017441", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017441" - }, - { - "name" : "23487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3013", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3013" + }, + { + "name": "23487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23487" + }, + { + "name": "1017441", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017441" + }, + { + "name": "ADV-2006-5142", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5142" + }, + { + "name": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116", + "refsource": "MISC", + "url": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6795.json b/2006/6xxx/CVE-2006-6795.json index 76a3a21bad8..0f1d0fb429b 100644 --- a/2006/6xxx/CVE-2006-6795.json +++ b/2006/6xxx/CVE-2006-6795.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cyber-security.org/DataDetayAll.asp?Data_id=586", - "refsource" : "MISC", - "url" : "http://cyber-security.org/DataDetayAll.asp?Data_id=586" - }, - { - "name" : "3010", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3010" - }, - { - "name" : "21744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21744" - }, - { - "name" : "myphpnuke-display-file-include(31136)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion 
vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "myphpnuke-display-file-include(31136)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31136" + }, + { + "name": "http://cyber-security.org/DataDetayAll.asp?Data_id=586", + "refsource": "MISC", + "url": "http://cyber-security.org/DataDetayAll.asp?Data_id=586" + }, + { + "name": "3010", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3010" + }, + { + "name": "21744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21744" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6939.json b/2006/6xxx/CVE-2006-6939.json index 49c58af28a1..0a910d2f42c 100644 --- a/2006/6xxx/CVE-2006-6939.json +++ b/2006/6xxx/CVE-2006-6939.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freshmeat.net/projects/ed/?branch_id=17855&release_id=240890", - "refsource" : "CONFIRM", - "url" : "http://freshmeat.net/projects/ed/?branch_id=17855&release_id=240890" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-962", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-962" - }, - { - "name" : "FEDORA-2007-099", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2449" - }, - { - "name" : "FEDORA-2007-100", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2450" - }, - { - "name" : "MDKSA-2007:023", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:023" - }, - { - "name" : "2007-0005", - "refsource" : "TRUSTIX", - "url" : 
"http://www.trustix.org/errata/2007/0005" - }, - { - "name" : "22129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22129" - }, - { - "name" : "ADV-2006-4573", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4573" - }, - { - "name" : "23832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23832" - }, - { - "name" : "23848", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23848" - }, - { - "name" : "23857", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23857" - }, - { - "name" : "24054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24054" - }, - { - "name" : "gnued-opensbuf-symlink(30374)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gnued-opensbuf-symlink(30374)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30374" + }, + { + "name": "MDKSA-2007:023", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:023" + }, + { + "name": "2007-0005", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2007/0005" + }, + { + "name": "23832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23832" + }, + { + "name": "23857", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23857" + }, + { + "name": "FEDORA-2007-099", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2449" + }, + { + "name": "23848", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23848" + }, + { + "name": "22129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22129" + }, + { + "name": "FEDORA-2007-100", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2450" + }, + { + "name": "24054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24054" + }, + { + "name": "ADV-2006-4573", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4573" + }, + { + "name": "http://freshmeat.net/projects/ed/?branch_id=17855&release_id=240890", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/projects/ed/?branch_id=17855&release_id=240890" + }, + { + "name": "https://issues.rpath.com/browse/RPL-962", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-962" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2168.json b/2010/2xxx/CVE-2010-2168.json index db1f51bf44b..767bf78fc0a 100644 --- a/2010/2xxx/CVE-2010-2168.json +++ b/2010/2xxx/CVE-2010-2168.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an \"invalid pointer vulnerability\" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100630 VUPEN Security Research - Adobe Acrobat and Reader \"newfunction\" Memory Corruption Vulnerability (CVE-2010-2168)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512096" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-15.html" - }, - { - "name" : "41236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41236" - }, - { - "name" : "oval:org.mitre.oval:def:7167", - "refsource" : 
"OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7167" - }, - { - "name" : "1024159", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024159" - }, - { - "name" : "ADV-2010-1636", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an \"invalid pointer vulnerability\" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1636", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1636" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-15.html" + }, + { + "name": "41236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41236" + }, + { + "name": "20100630 VUPEN Security Research - Adobe Acrobat and Reader \"newfunction\" Memory Corruption Vulnerability (CVE-2010-2168)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512096" + }, + { + "name": "1024159", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024159" + }, + { + "name": "oval:org.mitre.oval:def:7167", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7167" + } + ] + } +} \ No newline 
at end of file diff --git a/2010/2xxx/CVE-2010-2383.json b/2010/2xxx/CVE-2010-2383.json index 5b472ce451c..60960618aec 100644 --- a/2010/2xxx/CVE-2010-2383.json +++ b/2010/2xxx/CVE-2010-2383.json 
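Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `psirt@adobe.com` near the top of this hunk, and that provenance change is the only semantic edit in a hunk that otherwise rewrites spacing and reorders references. Anyone who relies on `ASSIGNER` to decide which CNA is authoritative for a record would want this change reviewable on its own, so it is better carried in a separate commit from the formatting pass, with the source of the reassignment stated there. The `affects` block still reads `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names Adobe Reader and Acrobat, which may be worth populating in the same follow-up. The hunks for CVE-2010-2383, CVE-2010-2434, CVE-2010-2498, CVE-2011-0190 and CVE-2011-0322 change `ASSIGNER` to a vendor or coordinator address in the same way.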
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality and integrity, related to NFS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality and integrity, related to NFS." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2434.json b/2010/2xxx/CVE-2010-2434.json index 258440d2aaa..bc8ba7b21c0 100644 --- a/2010/2xxx/CVE-2010-2434.json +++ b/2010/2xxx/CVE-2010-2434.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properly handled during expansion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2010-2434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ponsoftware.com/archiver/bug.htm#lzh_bufover", - "refsource" : "CONFIRM", - "url" : "http://www.ponsoftware.com/archiver/bug.htm#lzh_bufover" - }, - { - "name" : "JVN#34729123", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN34729123/index.html" - }, - { - "name" : "JVNDB-2010-000026", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000026.html" - }, - { - "name" : "41025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41025" - }, - { - "name" : "65666", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65666" - }, - { - "name" : "40324", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/40324" - }, - { - "name" : "explzh-lhaprocessing-bo(59624)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software Explzh 5.62 and earlier allows remote attackers to execute arbitrary code via an LZH LHA file with a crafted header that is not properly handled during expansion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65666", + "refsource": "OSVDB", + "url": "http://osvdb.org/65666" + }, + { + "name": "41025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41025" + }, + { + "name": "http://www.ponsoftware.com/archiver/bug.htm#lzh_bufover", + "refsource": "CONFIRM", + "url": "http://www.ponsoftware.com/archiver/bug.htm#lzh_bufover" + }, + { + "name": "40324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40324" + }, + { + "name": "JVNDB-2010-000026", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000026.html" + }, + { + "name": "explzh-lhaprocessing-bo(59624)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59624" + }, + { + "name": "JVN#34729123", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN34729123/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2498.json b/2010/2xxx/CVE-2010-2498.json index 58104266b00..1c884384f3b 100644 --- a/2010/2xxx/CVE-2010-2498.json +++ b/2010/2xxx/CVE-2010-2498.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[freetype] 20100712 FreeType 2.4.0 has been released", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html" - }, - { - "name" : "[oss-security] 20100713 Multiple bugs in freetype", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127905701201340&w=2" - }, - { - "name" : "[oss-security] 20100714 Re: Multiple bugs in freetype", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127909326909362&w=2" - }, - { - "name" : 
"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=613160", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=613160" - }, - { - "name" : "https://savannah.nongnu.org/bugs/?30106", - "refsource" : "CONFIRM", - "url" : "https://savannah.nongnu.org/bugs/?30106" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "DSA-2070", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2070" - }, - { - "name" : "MDVSA-2010:137", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137" - }, - { - "name" : "RHSA-2010:0578", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0578.html" - }, - { - "name" : "USN-963-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-963-1" - }, - { - "name" : "1024266", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024266" - }, - { - "name" : "48951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute 
arbitrary code via a crafted font file that triggers an invalid free operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-963-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-963-1" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=613160", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=613160" + }, + { + "name": "https://savannah.nongnu.org/bugs/?30106", + "refsource": "CONFIRM", + "url": "https://savannah.nongnu.org/bugs/?30106" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2" + }, + { + "name": "[freetype] 20100712 FreeType 2.4.0 has been released", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "[oss-security] 20100714 Re: Multiple bugs in freetype", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127909326909362&w=2" + }, + { + "name": "DSA-2070", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2070" + }, + { + "name": "[oss-security] 20100713 Multiple bugs in freetype", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127905701201340&w=2" + }, + { + "name": "1024266", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024266" + }, + { + "name": "RHSA-2010:0578", + "refsource": 
"REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0578.html" + }, + { + "name": "MDVSA-2010:137", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137" + }, + { + "name": "48951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48951" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3671.json b/2010/3xxx/CVE-2010-3671.json index ac2891ff48e..10f19660c60 100644 --- a/2010/3xxx/CVE-2010-3671.json +++ b/2010/3xxx/CVE-2010-3671.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3671", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3671", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0190.json b/2011/0xxx/CVE-2011-0190.json index 305bf7e752d..fbe043b673d 100644 --- a/2011/0xxx/CVE-2011-0190.json +++ b/2011/0xxx/CVE-2011-0190.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was 
intended to send network traffic to an Apple server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0322.json b/2011/0xxx/CVE-2011-0322.json index 4b5c5566bab..d3296552ba4 100644 --- a/2011/0xxx/CVE-2011-0322.json +++ b/2011/0xxx/CVE-2011-0322.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, 6.0.x, and 6.1.x allows remote attackers to access resources via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2011-0322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110315 ESA-2011-009: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA Access Manager Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517023/100/0/threaded" - }, - { - "name" : "46875", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46875" - }, - { - "name" : "1025214", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025214" - }, - { - "name" : "43796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43796" - }, - { - "name" : "8142", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8142" - }, - { - "name" : "ADV-2011-0676", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0676" - }, - { - "name" : "rsa-unspecified-security-bypass(66104)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, 6.0.x, and 6.1.x allows remote attackers to access resources via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43796" + }, + { + "name": "8142", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8142" + }, + { + "name": "1025214", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025214" + }, + { + "name": "46875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46875" + }, + { + "name": "20110315 ESA-2011-009: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA Access Manager Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517023/100/0/threaded" + }, + { + "name": "ADV-2011-0676", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0676" + }, + { + "name": "rsa-unspecified-security-bypass(66104)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66104" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0664.json b/2011/0xxx/CVE-2011-0664.json index a7251dd6e76..74ae03ea966 100644 --- a/2011/0xxx/CVE-2011-0664.json +++ b/2011/0xxx/CVE-2011-0664.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka \".NET Framework Array Offset Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-039", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-039" - }, - { - "name" : "oval:org.mitre.oval:def:12105", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka \".NET Framework Array Offset Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12105", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12105" + }, + { + "name": "MS11-039", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-039" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1136.json b/2011/1xxx/CVE-2011-1136.json index a0265c42a39..57884c47603 100644 --- a/2011/1xxx/CVE-2011-1136.json +++ b/2011/1xxx/CVE-2011-1136.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1136", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1136", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1286.json b/2011/1xxx/CVE-2011-1286.json index 9c2ada8e4c7..16a5e5c319b 100644 --- a/2011/1xxx/CVE-2011-1286.json +++ b/2011/1xxx/CVE-2011-1286.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=74675", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=74675" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" - }, - { - "name" : "46785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46785" - }, - { - "name" : "oval:org.mitre.oval:def:14455", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14455" - }, - { - "name" : "ADV-2011-0628", - "refsource" : "VUPEN", 
- "url" : "http://www.vupen.com/english/advisories/2011/0628" - }, - { - "name" : "google-memory-info-discloure(65970)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=74675", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=74675" + }, + { + "name": "46785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46785" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" + }, + { + "name": "google-memory-info-discloure(65970)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65970" + }, + { + "name": "oval:org.mitre.oval:def:14455", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14455" + }, + { + "name": "ADV-2011-0628", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0628" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1473.json b/2011/1xxx/CVE-2011-1473.json index 632c6c10273..141954b2859 100644 --- a/2011/1xxx/CVE-2011-1473.json +++ b/2011/1xxx/CVE-2011-1473.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html" - }, - { - "name" : "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/08/2" - }, - { - "name" : "[tls] 20110315 Re: SSL Renegotiation DOS", - "refsource" : "MLIST", - "url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html" - }, - { - "name" : "[tls] 20110315 Re: SSL Renegotiation DOS", - "refsource" : "MLIST", - "url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html" - }, - { - "name" : "[tls] 20110315 SSL Renegotiation DOS", - "refsource" : "MLIST", - "url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html" - }, - { - "name" : "[tls] 20110318 Re: SSL Renegotiation DOS", - "refsource" : "MLIST", - "url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html" - }, - { - "name" : "[tls] 20110318 Re: SSL Renegotiation DOS", - "refsource" : "MLIST", - "url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html" - }, - { - "name" : "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", - "refsource" : "MISC", - "url" : "http://orchilles.com/2011/03/ssl-renegotiation-dos.html" - }, - { - "name" : "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", - "refsource" : "MISC", - "url" : 
"http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html" - }, - { - "name" : "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", - "refsource" : "MISC", - "url" : "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=707065", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=707065" - }, - { - "name" : "HPSBMU02776", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133951357207000&w=2" - }, - { - "name" : "SSRT100852", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133951357207000&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", + "refsource": "MISC", + "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html" + }, + { + "name": "[tls] 20110315 Re: SSL Renegotiation DOS", + "refsource": "MLIST", + "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html" + }, + { + "name": "[tls] 20110318 Re: SSL Renegotiation DOS", + "refsource": "MLIST", + "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=707065", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065" + }, + { + "name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html" + }, + { + "name": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", + "refsource": "MISC", + "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html" + }, + { + "name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2" + }, + { + "name": "SSRT100852", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133951357207000&w=2" + }, + { + "name": "[tls] 20110318 Re: SSL Renegotiation DOS", + "refsource": "MLIST", + "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html" + }, + { + "name": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", + "refsource": "MISC", + "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html" + }, + { + "name": "HPSBMU02776", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133951357207000&w=2" + }, + { + "name": "[tls] 20110315 SSL 
Renegotiation DOS", + "refsource": "MLIST", + "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html" + }, + { + "name": "[tls] 20110315 Re: SSL Renegotiation DOS", + "refsource": "MLIST", + "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1962.json b/2011/1xxx/CVE-2011-1962.json index e93a353a325..a514be185df 100644 --- a/2011/1xxx/CVE-2011-1962.json +++ b/2011/1xxx/CVE-2011-1962.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers \"inactive filtering,\" aka \"Shift JIS Character Encoding Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-057", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057" - }, - { - "name" : "oval:org.mitre.oval:def:12657", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read 
content from a different (1) domain or (2) zone via a crafted web site that triggers \"inactive filtering,\" aka \"Shift JIS Character Encoding Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-057", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057" + }, + { + "name": "oval:org.mitre.oval:def:12657", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12657" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2573.json b/2014/2xxx/CVE-2014-2573.json index 8d42ca4c124..b163bacf1d7 100644 --- a/2014/2xxx/CVE-2014-2573.json +++ b/2014/2xxx/CVE-2014-2573.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140321 CVE request for vulnerability in OpenStack Nova", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/21/1" - }, - { - "name" : "[oss-security] 20140321 Re: CVE request for vulnerability in OpenStack Nova", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/21/2" - }, - { - "name" : "https://bugs.launchpad.net/nova/+bug/1269418", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/nova/+bug/1269418" - }, - { - "name" : "57498", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57498" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140321 Re: CVE request for vulnerability in OpenStack Nova", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/21/2" + }, + { + "name": "57498", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57498" + }, + { + "name": "https://bugs.launchpad.net/nova/+bug/1269418", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/nova/+bug/1269418" + }, + { + "name": "[oss-security] 20140321 CVE request for vulnerability in OpenStack Nova", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/21/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2786.json b/2014/2xxx/CVE-2014-2786.json index 7846944db70..ebcae516b7b 100644 --- a/2014/2xxx/CVE-2014-2786.json +++ b/2014/2xxx/CVE-2014-2786.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2792 and CVE-2014-2813." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" - }, - { - "name" : "68371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68371" - }, - { - "name" : "1030532", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030532" - }, - { - "name" : "59775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft 
Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2792 and CVE-2014-2813." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68371" + }, + { + "name": "MS14-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" + }, + { + "name": "59775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59775" + }, + { + "name": "1030532", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030532" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3045.json b/2014/3xxx/CVE-2014-3045.json index 5a5842dd076..89efbe26127 100644 --- a/2014/3xxx/CVE-2014-3045.json +++ b/2014/3xxx/CVE-2014-3045.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004815", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004815", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004815" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3275.json b/2014/3xxx/CVE-2014-3275.json index 34d804fb657..a2f91271034 100644 --- a/2014/3xxx/CVE-2014-3275.json +++ b/2014/3xxx/CVE-2014-3275.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34328", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34328" - }, - { - "name" : "20140521 Cisco ISE Blind SQL Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3275" - }, - { - "name" : "67555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67555" - }, - { - "name" : "1030273", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67555" + }, + { + "name": "20140521 Cisco ISE Blind SQL Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3275" + }, + { + "name": "1030273", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030273" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34328", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34328" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3393.json b/2014/3xxx/CVE-2014-3393.json index 9e74d3db236..4d1ff6767fe 100644 --- a/2014/3xxx/CVE-2014-3393.json +++ b/2014/3xxx/CVE-2014-3393.json 
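Review bot: The `reference_data` array in this hunk is reordered without any entry being added, removed or edited, and the new order (BID, CISCO, SECTRACK, CONFIRM) is not sorted by `name`, `refsource` or `url`. Reordering with no content change makes real reference additions or removals harder to spot in later diffs of the feed. The serializer that produced this commit should emit references in one deterministic order, for instance sorted by `refsource` and then `url`. The same content-free reordering appears in the CVE-2014-6538, CVE-2014-6919, CVE-2014-7041, CVE-2014-7176, CVE-2014-7633 and CVE-2014-7670 hunks.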
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141008 Multiple Vulnerabilities in Cisco ASA Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 
before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141008 Multiple Vulnerabilities in Cisco ASA Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6218.json b/2014/6xxx/CVE-2014-6218.json index b8067427b8a..7fdf8b1d415 100644 --- a/2014/6xxx/CVE-2014-6218.json +++ b/2014/6xxx/CVE-2014-6218.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6218", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6218", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6538.json b/2014/6xxx/CVE-2014-6538.json index 31f264ad86e..db57cfebdb0 100644 --- a/2014/6xxx/CVE-2014-6538.json +++ b/2014/6xxx/CVE-2014-6538.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6563." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users 
to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6563." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70495" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6919.json b/2014/6xxx/CVE-2014-6919.json index d6c527ebed5..05701df48f1 100644 --- a/2014/6xxx/CVE-2014-6919.json +++ b/2014/6xxx/CVE-2014-6919.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Metalcasting Newsstand (aka air.com.yudu.ReaderAIR3017071) application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#542369", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/542369" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Metalcasting Newsstand 
(aka air.com.yudu.ReaderAIR3017071) application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#542369", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/542369" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7041.json b/2014/7xxx/CVE-2014-7041.json index d3bb876c35e..c6c6f6affc0 100644 --- a/2014/7xxx/CVE-2014-7041.json +++ b/2014/7xxx/CVE-2014-7041.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SimGene (aka com.japanbioinformatics.simgene) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#373233", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/373233" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SimGene (aka 
com.japanbioinformatics.simgene) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#373233", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/373233" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7176.json b/2014/7xxx/CVE-2014-7176.json index 9cb129bebcb..bd24297b20e 100644 --- a/2014/7xxx/CVE-2014-7176.json +++ b/2014/7xxx/CVE-2014-7176.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "35098", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/35098" - }, - { - "name" : "20141028 CVE-2014-7176 - Authenticated Blind SQL Injection in Enalean Tuleap", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Oct/119" - }, - { - "name" : "http://packetstormsecurity.com/files/128875/Tuleap-7.4.99.5-Blind-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128875/Tuleap-7.4.99.5-Blind-SQL-Injection.html" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7176/", - "refsource" : "MISC", - "url" : 
"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7176/" - }, - { - "name" : "https://www.tuleap.org/recent-vulnerabilities", - "refsource" : "CONFIRM", - "url" : "https://www.tuleap.org/recent-vulnerabilities" - }, - { - "name" : "70773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70773" - }, - { - "name" : "tuleap-cve20147176-sql-injection(98307)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7176/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7176/" + }, + { + "name": "35098", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/35098" + }, + { + "name": "20141028 CVE-2014-7176 - Authenticated Blind SQL Injection in Enalean Tuleap", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Oct/119" + }, + { + "name": "70773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70773" + }, + { + "name": "tuleap-cve20147176-sql-injection(98307)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98307" + }, + { + "name": "https://www.tuleap.org/recent-vulnerabilities", + "refsource": "CONFIRM", + "url": 
"https://www.tuleap.org/recent-vulnerabilities" + }, + { + "name": "http://packetstormsecurity.com/files/128875/Tuleap-7.4.99.5-Blind-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128875/Tuleap-7.4.99.5-Blind-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7633.json b/2014/7xxx/CVE-2014-7633.json index 6036a8bd6ca..39d7ccea20c 100644 --- a/2014/7xxx/CVE-2014-7633.json +++ b/2014/7xxx/CVE-2014-7633.json 
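Review bot: The description value on the new side still reads `via the lobal_txt parameter to plugins/docman`, which looks like a truncated parameter name, possibly `global_txt`; this should be checked against the vendor and Portcullis advisories already listed under `reference_data`. The name matters to defenders, because WAF rules, log searches and detection content are often keyed on the parameter as written in the CVE text. If the advisories confirm it, the only change needed is the one word in `"value"`, leaving the rest of the sentence as is.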
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Dino Zoo (aka com.tappocket.dinozoostar) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#371913", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/371913" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Dino Zoo (aka com.tappocket.dinozoostar) 
application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#371913", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/371913" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7670.json b/2014/7xxx/CVE-2014-7670.json index efcda1be8bb..a756c31cb8d 100644 --- a/2014/7xxx/CVE-2014-7670.json +++ b/2014/7xxx/CVE-2014-7670.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Motor Town: Machine Soul Free (aka com.alawar.motortownfree) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#237713", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/237713" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Motor Town: Machine Soul 
Free (aka com.alawar.motortownfree) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#237713", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/237713" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7790.json b/2014/7xxx/CVE-2014-7790.json index 45ff50d8888..7e30a479b4e 100644 --- a/2014/7xxx/CVE-2014-7790.json +++ b/2014/7xxx/CVE-2014-7790.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7790", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7790", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8184.json b/2014/8xxx/CVE-2014-8184.json index 083e57c1f6a..cf2e1d573b9 100644 --- a/2014/8xxx/CVE-2014-8184.json +++ b/2014/8xxx/CVE-2014-8184.json 
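Review bot: The key order in this record differs from every other hunk visible in this part of the commit. Here `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, while the other records open with `CVE_data_meta` and keep its keys alphabetical. JSON consumers must not depend on key order, but anything that hashes, signs or byte-compares these files will treat this record as an outlier, which suggests it came from a different serializer. Re-emitting it through the same writer as the others would give `"CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7790", "STATE": "REJECT" }` first, followed by `data_format`, `data_type` and `data_version`.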
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8184", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8184", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2394.json b/2016/2xxx/CVE-2016-2394.json index ad4e6cea019..426be0899eb 100644 --- a/2016/2xxx/CVE-2016-2394.json +++ b/2016/2xxx/CVE-2016-2394.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2394", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2394", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2791.json b/2016/2xxx/CVE-2016-2791.json index b1ad4f7aebf..fb156f5b1c7 100644 --- a/2016/2xxx/CVE-2016-2791.json +++ b/2016/2xxx/CVE-2016-2791.json 
@@ -1,187 +1,187 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2016-2791",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@mozilla.org",
+ "ID": "CVE-2016-2791",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
- },
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243473",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243473"
- },
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
- },
- {
- "name" : "DSA-3510",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2016/dsa-3510"
- },
- {
- "name" : "DSA-3515",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2016/dsa-3515"
- },
- {
- "name" : "DSA-3520",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2016/dsa-3520"
- },
- {
- "name" : "GLSA-201605-06",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201605-06"
- },
- {
- "name" : "GLSA-201701-63",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201701-63"
- },
- {
- "name" : "openSUSE-SU-2016:0894",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
- },
- {
- "name" : "openSUSE-SU-2016:1767",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
- },
- {
- "name" : "openSUSE-SU-2016:1769",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
- },
- {
- "name" : "openSUSE-SU-2016:1778",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
- },
- {
- "name" : "SUSE-SU-2016:0909",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
- },
- {
- "name" : "SUSE-SU-2016:0727",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
- },
- {
- "name" : "SUSE-SU-2016:0777",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
- },
- {
- "name" : "openSUSE-SU-2016:0731",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
- },
- {
- "name" : "openSUSE-SU-2016:0733",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
- },
- {
- "name" : "SUSE-SU-2016:0820",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
- },
- {
- "name" : "openSUSE-SU-2016:0876",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
- },
- {
- "name" : "USN-2917-2",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2917-2"
- },
- {
- "name" : "USN-2917-3",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2917-3"
- },
- {
- "name" : "USN-2934-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2934-1"
- },
- {
- "name" : "USN-2917-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2917-1"
- },
- {
- "name" : "USN-2927-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2927-1"
- },
- {
- "name" : "84222",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/84222"
- },
- {
- "name" : "1035215",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1035215"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "openSUSE-SU-2016:0894",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
+ },
+ {
+ "name": "84222",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/84222"
+ },
+ {
+ "name": "SUSE-SU-2016:0820",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
+ },
+ {
+ "name": "openSUSE-SU-2016:1767",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
+ },
+ {
+ "name": "openSUSE-SU-2016:0731",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
+ },
+ {
+ "name": "SUSE-SU-2016:0727",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
+ },
+ {
+ "name": "openSUSE-SU-2016:1778",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
+ },
+ {
+ "name": "openSUSE-SU-2016:0876",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
+ },
+ {
+ "name": "USN-2917-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2917-1"
+ },
+ {
+ "name": "USN-2927-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2927-1"
+ },
+ {
+ "name": "DSA-3520",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2016/dsa-3520"
+ },
+ {
+ "name": "openSUSE-SU-2016:1769",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
+ },
+ {
+ "name": "SUSE-SU-2016:0909",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
+ },
+ {
+ "name": "DSA-3510",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2016/dsa-3510"
+ },
+ {
+ "name": "openSUSE-SU-2016:0733",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
+ },
+ {
+ "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
+ },
+ {
+ "name": "1035215",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1035215"
+ },
+ {
+ "name": "SUSE-SU-2016:0777",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
+ },
+ {
+ "name": "GLSA-201605-06",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201605-06"
+ },
+ {
+ "name": "DSA-3515",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2016/dsa-3515"
+ },
+ {
+ "name": "USN-2934-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2934-1"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243473",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243473"
+ },
+ {
+ "name": "GLSA-201701-63",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201701-63"
+ },
+ {
+ "name": "USN-2917-2",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2917-2"
+ },
+ {
+ "name": "USN-2917-3",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2917-3"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1492.json b/2017/1xxx/CVE-2017-1492.json
index 3cc579cf6cc..f837e95506c 100644
--- a/2017/1xxx/CVE-2017-1492.json
+++ b/2017/1xxx/CVE-2017-1492.json
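Review bot: The `"ASSIGNER"` value of CVE-2016-2791 changes from `cve@mitre.org` to `security@mozilla.org` in a hunk that otherwise only re-indents the record and reorders `reference_data`, so the one change of meaning is easy to miss in review. Anything that attributes or filters records by assigning CNA will see a different owner for this ID after the commit; if the reassignment is intended, `"ASSIGNER": "security@mozilla.org"` belongs in its own commit whose message says so. The reordering of `reference_data` (here and in the CVE-2017-5079, CVE-2017-5153 and CVE-2017-5801 hunks) means that confirming no reference was dropped or altered takes a manual count (26 entries on each side here); keeping the existing order, or sorting by a documented key, would keep such diffs checkable. The new side of every file in this range also ends with `\ No newline at end of file`, where the old side had a trailing newline.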
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1492",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1492",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1645.json b/2017/1xxx/CVE-2017-1645.json
index d80a4cd8ffd..2e45735656e 100644
--- a/2017/1xxx/CVE-2017-1645.json
+++ b/2017/1xxx/CVE-2017-1645.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1645",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1645",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1838.json b/2017/1xxx/CVE-2017-1838.json
index d75716800c0..b3b4f797c38 100644
--- a/2017/1xxx/CVE-2017-1838.json
+++ b/2017/1xxx/CVE-2017-1838.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1838",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-1838",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1911.json b/2017/1xxx/CVE-2017-1911.json
index 353f24ee66e..d54a3b7a5e7 100644
--- a/2017/1xxx/CVE-2017-1911.json
+++ b/2017/1xxx/CVE-2017-1911.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1911",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-1911",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1974.json b/2017/1xxx/CVE-2017-1974.json
index 7e6364f1cfe..0ed57f6ecc8 100644
--- a/2017/1xxx/CVE-2017-1974.json
+++ b/2017/1xxx/CVE-2017-1974.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1974",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-1974",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5079.json b/2017/5xxx/CVE-2017-5079.json
index 93849a02594..2bc471949a4 100644
--- a/2017/5xxx/CVE-2017-5079.json
+++ b/2017/5xxx/CVE-2017-5079.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@google.com",
- "ID" : "CVE-2017-5079",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Inappropriate implementation"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@google.com",
+ "ID": "CVE-2017-5079",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html",
- "refsource" : "MISC",
- "url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"
- },
- {
- "name" : "https://crbug.com/713686",
- "refsource" : "MISC",
- "url" : "https://crbug.com/713686"
- },
- {
- "name" : "GLSA-201706-20",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201706-20"
- },
- {
- "name" : "RHSA-2017:1399",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1399"
- },
- {
- "name" : "98861",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/98861"
- },
- {
- "name" : "1038622",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038622"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inappropriate implementation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "98861",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/98861"
+ },
+ {
+ "name": "RHSA-2017:1399",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1399"
+ },
+ {
+ "name": "1038622",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038622"
+ },
+ {
+ "name": "GLSA-201706-20",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201706-20"
+ },
+ {
+ "name": "https://crbug.com/713686",
+ "refsource": "MISC",
+ "url": "https://crbug.com/713686"
+ },
+ {
+ "name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5153.json b/2017/5xxx/CVE-2017-5153.json
index 3f0e053383a..6f7f227f5ce 100644
--- a/2017/5xxx/CVE-2017-5153.json
+++ b/2017/5xxx/CVE-2017-5153.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "ics-cert@hq.dhs.gov",
- "ID" : "CVE-2017-5153",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "OSIsoft PI Coresight and PI Web API",
- "version" : {
- "version_data" : [
- {
- "version_value" : "OSIsoft PI Coresight and PI Web API"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "OSIsoft PI Coresight and PI Web API information exposure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "ID": "CVE-2017-5153",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OSIsoft PI Coresight and PI Web API",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "OSIsoft PI Coresight and PI Web API"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-010-01",
- "refsource" : "MISC",
- "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-010-01"
- },
- {
- "name" : "95355",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95355"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "OSIsoft PI Coresight and PI Web API information exposure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "95355",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95355"
+ },
+ {
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-010-01",
+ "refsource": "MISC",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-010-01"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5801.json b/2017/5xxx/CVE-2017-5801.json
index dc2c95b398f..3b61dffa064 100644
--- a/2017/5xxx/CVE-2017-5801.json
+++ b/2017/5xxx/CVE-2017-5801.json
@@ -1,73 +1,73 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security-alert@hpe.com",
- "DATE_PUBLIC" : "2017-04-04T00:00:00",
- "ID" : "CVE-2017-5801",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Business Process Monitor",
- "version" : {
- "version_data" : [
- {
- "version_value" : "v09.2x, v09.30"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Hewlett Packard Enterprise"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Remote Unauthorized Access to Data"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security-alert@hpe.com",
+ "DATE_PUBLIC": "2017-04-04T00:00:00",
+ "ID": "CVE-2017-5801",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Business Process Monitor",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v09.2x, v09.30"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Hewlett Packard Enterprise"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03727en_us",
- "refsource" : "CONFIRM",
- "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03727en_us"
- },
- {
- "name" : "97386",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97386"
- },
- {
- "name" : "1038176",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038176"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Unauthorized Access to Data"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "97386",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97386"
+ },
+ {
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03727en_us",
+ "refsource": "CONFIRM",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03727en_us"
+ },
+ {
+ "name": "1038176",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038176"
+ }
+ ]
+ }
+}
\ No newline at end of file