diff --git a/2001/0xxx/CVE-2001-0276.json b/2001/0xxx/CVE-2001-0276.json index 955e064ebb9..542b5900d21 100644 --- a/2001/0xxx/CVE-2001-0276.json +++ b/2001/0xxx/CVE-2001-0276.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010217 BadBlue Web Server Ext.dll Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98263019502565&w=2" - }, - { - "name" : "http://www.badblue.com/p010219.htm", - "refsource" : "CONFIRM", - "url" : "http://www.badblue.com/p010219.htm" - }, - { - "name" : "2390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2390" - }, - { - "name" : "badblue-ext-reveal-path(6130)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010217 BadBlue Web Server Ext.dll Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98263019502565&w=2" + }, + { + "name": "2390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2390" + }, + { + "name": "http://www.badblue.com/p010219.htm", + "refsource": "CONFIRM", + "url": "http://www.badblue.com/p010219.htm" + }, + { + "name": "badblue-ext-reveal-path(6130)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6130" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0573.json b/2001/0xxx/CVE-2001-0573.json index bf61e0b01b4..30c0f9630e6 100644 --- a/2001/0xxx/CVE-2001-0573.json +++ b/2001/0xxx/CVE-2001-0573.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY16909", - "refsource" : "AIXAPAR", - "url" : "http://archives.neohapsis.com/archives/aix/2001-q2/0000.html" - }, - { - "name" : "aix-lsfs-path(7007)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7007" - }, - { - "name" : "VU#123651", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/123651" - }, - { - "name" : "5582", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IY16909", + "refsource": "AIXAPAR", + "url": "http://archives.neohapsis.com/archives/aix/2001-q2/0000.html" + }, + { + "name": "VU#123651", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/123651" + }, + { + "name": "5582", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5582" + }, + { + "name": "aix-lsfs-path(7007)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7007" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0579.json b/2001/0xxx/CVE-2001-0579.json index ee02bf07577..4508ebd19c4 100644 --- a/2001/0xxx/CVE-2001-0579.json +++ b/2001/0xxx/CVE-2001-0579.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010327 SCO 5.0.6 issues (lpadmin) ", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0421.html" - }, - { - "name" : "20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes", - "refsource" : "BUGTRAQ", - "url" : "http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html" - }, - { - "name" : "sco-openserver-lpadmin-bo(6291)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sco-openserver-lpadmin-bo(6291)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6291" + }, + { + "refsource": "BUGTRAQ", + "name": "20010327 SCO 5.0.6 issues (lpadmin)", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0421.html" + }, + { + "name": "20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes", + "refsource": "BUGTRAQ", + "url": "http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0895.json b/2001/0xxx/CVE-2001-0895.json index 4fa11bd5341..937769247cb 100644 --- a/2001/0xxx/CVE-2001-0895.json +++ b/2001/0xxx/CVE-2001-0895.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011115 Cisco IOS ARP Table Overwrite Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml" - }, - { - "name" : "VU#399355", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/399355" - }, - { - "name" : "3547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3547" - }, - { - "name" : "807", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/807" - }, - { - "name" : "cisco-arp-overwrite-table(7547)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#399355", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/399355" + }, + { + "name": "20011115 Cisco IOS ARP Table Overwrite Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml" + }, + { + "name": "807", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/807" + }, + { + "name": "3547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3547" + }, + { + "name": "cisco-arp-overwrite-table(7547)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7547" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1168.json b/2001/1xxx/CVE-2001-1168.json index b88e2e4d237..34072bc3ca9 100644 --- a/2001/1xxx/CVE-2001-1168.json +++ b/2001/1xxx/CVE-2001-1168.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010829 eRisk Security Advisory: PhpMyExplorer vulnerable to directory traversal.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-08/0408.html" - }, - { - "name" : "20010830 Re: eRisk Security Advisory: PhpMyExplorer vulnerable to directory traversal.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-08/0418.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010829 eRisk Security Advisory: PhpMyExplorer vulnerable to directory traversal.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-08/0408.html" + }, + { + "name": "20010830 Re: eRisk Security Advisory: PhpMyExplorer vulnerable to directory traversal.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-08/0418.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2211.json b/2006/2xxx/CVE-2006-2211.json index d7cb8d962a7..c83207e24e3 100644 --- a/2006/2xxx/CVE-2006-2211.json +++ b/2006/2xxx/CVE-2006-2211.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060502 321soft PhP Gallery 0.9 - directory travel & XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432964/100/0/threaded" - }, - { - "name" : "http://d4igoro.blogspot.com/2006/05/321soft-php-gallery-09-directory.html", - "refsource" : "MISC", - "url" : "http://d4igoro.blogspot.com/2006/05/321soft-php-gallery-09-directory.html" - }, - { - "name" : "17812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17812" - }, - { - "name" : "ADV-2006-1629", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1629" - }, - { - "name" : "19924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19924" - }, - { - "name" : "phpgallery-index-info-disclosure(26231)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17812" + }, + { + "name": "http://d4igoro.blogspot.com/2006/05/321soft-php-gallery-09-directory.html", + "refsource": "MISC", + "url": "http://d4igoro.blogspot.com/2006/05/321soft-php-gallery-09-directory.html" + }, + { + "name": "20060502 321soft PhP Gallery 0.9 - directory travel & XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432964/100/0/threaded" + }, + { + "name": "19924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19924" + }, + { + "name": "ADV-2006-1629", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1629" + }, + { + "name": "phpgallery-index-info-disclosure(26231)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26231" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2346.json b/2006/2xxx/CVE-2006-2346.json index f29f496d8cc..5d03251b64a 100644 --- a/2006/2xxx/CVE-2006-2346.json +++ b/2006/2xxx/CVE-2006-2346.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2) APOP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=415350", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=415350" - }, - { - "name" : "17894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17894" - }, - { - "name" : "ADV-2006-1698", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1698" - }, - { - "name" : "25445", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25445" - }, - { - "name" : "19987", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19987" - }, - { - "name" : "vpopmail-auth-bypass(26333)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2) APOP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1698", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1698" + }, + { + "name": "vpopmail-auth-bypass(26333)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26333" + }, + { + "name": "19987", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19987" + }, + { + "name": "17894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17894" + }, + { + "name": "25445", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25445" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=415350", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=415350" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2368.json b/2006/2xxx/CVE-2006-2368.json index c4e8633bd11..07336fa5d30 100644 --- a/2006/2xxx/CVE-2006-2368.json +++ b/2006/2xxx/CVE-2006-2368.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060412 Clansys v.1.1 Multiple Xss Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-04/0238.html" - }, - { - "name" : "http://soot.shabgard.org/bugs/Clansys.txt", - "refsource" : "MISC", - "url" : "http://soot.shabgard.org/bugs/Clansys.txt" - }, - { - "name" : "1015934", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015934" - }, - { - "name" : "19609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19609" - }, - { - "name" : "892", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/892" - }, - { - "name" : "clansys-index-xss(25783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "892", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/892" + }, + { + "name": "http://soot.shabgard.org/bugs/Clansys.txt", + "refsource": "MISC", + "url": "http://soot.shabgard.org/bugs/Clansys.txt" + }, + { + "name": "1015934", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015934" + }, + { + "name": "20060412 Clansys v.1.1 Multiple Xss Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0238.html" + }, + { + "name": "clansys-index-xss(25783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25783" + }, + { + "name": "19609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19609" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2435.json b/2006/2xxx/CVE-2006-2435.json index 0d96fcc56a5..9b39be9592f 100644 --- a/2006/2xxx/CVE-2006-2435.json +++ b/2006/2xxx/CVE-2006-2435.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to \"Inserting certain script tags in urls [that] may allow unintended execution of scripts.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060509 IBM Websphere Application Server Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html" - }, - { - "name" : "PK15571", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK15571&apar=only" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006879", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006879" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006881", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006881" - }, - { - "name" : "ADV-2006-1736", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1736" - }, - { - "name" : "ADV-2006-2552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2552" - }, - { - "name" : "20032", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20032" - }, - { - "name" : "910", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to \"Inserting certain script tags in urls [that] may allow unintended execution of scripts.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PK15571", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK15571&apar=only" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006881", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006881" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006879", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006879" + }, + { + "name": "910", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/910" + }, + { + "name": "ADV-2006-1736", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1736" + }, + { + "name": "ADV-2006-2552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2552" + }, + { + "name": "20032", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20032" + }, + { + "name": "20060509 IBM Websphere Application Server Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2672.json b/2006/2xxx/CVE-2006-2672.json index 0762602e2c5..b5891a3a807 100644 --- a/2006/2xxx/CVE-2006-2672.json +++ b/2006/2xxx/CVE-2006-2672.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060523 Realty Pro One Property Listing Script", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435012/100/0/threaded" - }, - { - "name" : "ADV-2006-1985", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1985" - }, - { - "name" : "25772", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25772" - }, - { - "name" : "25773", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25773" - }, - { - "name" : "25774", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25774" - }, - { - "name" : "25775", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25775" - }, - { - "name" : "20286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20286" - }, - { - "name" : "988", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/988" - }, - { - "name" : "realtyproone-multiple-xss(26677)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25772", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25772" + }, + { + "name": "20060523 Realty Pro One Property Listing Script", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435012/100/0/threaded" + }, + { + "name": "25775", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25775" + }, + { + "name": "25773", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25773" + }, + { + "name": "988", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/988" + }, + { + "name": "ADV-2006-1985", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1985" + }, + { + "name": "25774", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25774" + }, + { + "name": "realtyproone-multiple-xss(26677)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26677" + }, + { + "name": "20286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20286" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2733.json b/2006/2xxx/CVE-2006-2733.json index aba783a5d24..76950df4f26 100644 --- a/2006/2xxx/CVE-2006-2733.json +++ b/2006/2xxx/CVE-2006-2733.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060528 Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435279/100/0/threaded" - }, - { - "name" : "http://www.nukedx.com/?getxpl=31", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?getxpl=31" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=31", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=31" - }, - { - "name" : "20317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20317" - }, - { - "name" : "1002", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20317" + }, + { + "name": "20060528 Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435279/100/0/threaded" + }, + { + "name": "http://www.nukedx.com/?viewdoc=31", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=31" + }, + { + "name": "http://www.nukedx.com/?getxpl=31", + "refsource": "MISC", + "url": "http://www.nukedx.com/?getxpl=31" + }, + { + "name": "1002", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1002" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6004.json b/2006/6xxx/CVE-2006-6004.json index 116be3c414d..a686deeeca4 100644 --- a/2006/6xxx/CVE-2006-6004.json +++ b/2006/6xxx/CVE-2006-6004.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6004", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-6004", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6152.json b/2006/6xxx/CVE-2006-6152.json index 9a562713319..5aa8d13ad11 100644 --- a/2006/6xxx/CVE-2006-6152.json +++ b/2006/6xxx/CVE-2006-6152.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061119 Classified System [injection sql]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452179/100/100/threaded" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=47", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=47" - }, - { - "name" : "21190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21190" - }, - { - "name" : "1017259", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017259" - }, - { - "name" : "22987", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22987" - }, - { - "name" : "1926", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1926" - }, - { - "name" : "classifiedsystem-catsearch-sql-injection(30444)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22987", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22987" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=47", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=47" + }, + { + "name": "1017259", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017259" + }, + { + "name": "1926", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1926" + }, + { + "name": "21190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21190" + }, + { + "name": "classifiedsystem-catsearch-sql-injection(30444)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30444" + }, + { + "name": "20061119 Classified System [injection sql]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452179/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6431.json b/2006/6xxx/CVE-2006-6431.json index cd016361014..f7b26d125e3 100644 --- a/2006/6xxx/CVE-2006-6431.json +++ b/2006/6xxx/CVE-2006-6431.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf" - }, - { - "name" : "ADV-2006-4791", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4791" - }, - { - "name" : "23265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf" + }, + { + "name": "23265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23265" + }, + { + "name": "ADV-2006-4791", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4791" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7188.json b/2006/7xxx/CVE-2006-7188.json index 75ed136723b..1735029db4d 100644 --- a/2006/7xxx/CVE-2006-7188.json +++ b/2006/7xxx/CVE-2006-7188.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=security&id=1", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=security&id=1" - }, - { - "name" : "http://www.web-app.net/cgi-bin/index.cgi?action=redirectd&cat=security&id=1", - "refsource" : "CONFIRM", - "url" : "http://www.web-app.net/cgi-bin/index.cgi?action=redirectd&cat=security&id=1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=security&id=1", + "refsource": "CONFIRM", + "url": "http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=security&id=1" + }, + { + "name": "http://www.web-app.net/cgi-bin/index.cgi?action=redirectd&cat=security&id=1", + "refsource": "CONFIRM", + "url": "http://www.web-app.net/cgi-bin/index.cgi?action=redirectd&cat=security&id=1" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0270.json b/2011/0xxx/CVE-2011-0270.json index a16e6cace57..ea469030b19 100644 --- a/2011/0xxx/CVE-2011-0270.json +++ b/2011/0xxx/CVE-2011-0270.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-0270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-012/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-012/" - }, - { - "name" : "HPSBMA02621", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/515628" - }, - { - "name" : "SSRT100352", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/515628" - }, - { - "name" : "45762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45762" - }, - { - "name" : "70474", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70474" - }, - { - "name" : "1024951", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024951" - }, - { - "name" : "ADV-2011-0085", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0085" - }, - { - "name" : "hp-opennnm-nnmrptconfig-format-string(64646)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64646" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02621", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/515628" + }, + { + "name": "ADV-2011-0085", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0085" + }, + { + "name": "SSRT100352", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/515628" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-012/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-012/" + }, + { + "name": "45762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45762" + }, + { + "name": "1024951", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024951" + }, + { + "name": "70474", + "refsource": "OSVDB", + "url": "http://osvdb.org/70474" + }, + { + "name": "hp-opennnm-nnmrptconfig-format-string(64646)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64646" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2133.json b/2011/2xxx/CVE-2011-2133.json index 607f732df74..7e57b6048f0 100644 --- a/2011/2xxx/CVE-2011-2133.json +++ b/2011/2xxx/CVE-2011-2133.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 before 9.0.1.262, and RoboHelp Server 8 and 9, allows remote attackers to inject arbitrary web script or HTML via the URI, related to template_stock/whutils.js." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-23.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-23.html" - }, - { - "name" : "TA11-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-222A.html" - }, - { - "name" : "8334", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 before 9.0.1.262, and RoboHelp Server 8 and 9, allows remote attackers to inject arbitrary web script or HTML via the URI, related to template_stock/whutils.js." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-222A.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-23.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-23.html" + }, + { + "name": "8334", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8334" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2170.json b/2011/2xxx/CVE-2011-2170.json index ee0bc90ffe0..b871fb2de93 100644 --- a/2011/2xxx/CVE-2011-2170.json +++ b/2011/2xxx/CVE-2011-2170.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has unspecified impact and local attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2011/05/chrome-os-beta-channel-update_16.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/05/chrome-os-beta-channel-update_16.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has unspecified impact and local attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/05/chrome-os-beta-channel-update_16.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/05/chrome-os-beta-channel-update_16.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2245.json b/2011/2xxx/CVE-2011-2245.json index fa1c48595a3..0f03a083828 100644 --- a/2011/2xxx/CVE-2011-2245.json +++ b/2011/2xxx/CVE-2011-2245.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 9 and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to SSH." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 9 and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to SSH." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2413.json b/2011/2xxx/CVE-2011-2413.json index 35a7906c66e..7e18866100a 100644 --- a/2011/2xxx/CVE-2011-2413.json +++ b/2011/2xxx/CVE-2011-2413.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2413", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2413", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2554.json b/2011/2xxx/CVE-2011-2554.json index 99525380047..eeac72b39ca 100644 --- a/2011/2xxx/CVE-2011-2554.json +++ b/2011/2xxx/CVE-2011-2554.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2554", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2554", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2725.json b/2011/2xxx/CVE-2011-2725.json index e534a199354..72a291a90d2 100644 --- a/2011/2xxx/CVE-2011-2725.json +++ b/2011/2xxx/CVE-2011-2725.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111007 Medium severity flaw with Ark", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2011/Oct/351" - }, - { - "name" : "http://packetstormsecurity.com/files/105610/Ark-2.16-Directory-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/105610/Ark-2.16-Directory-Traversal.html" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=708268", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=708268" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=725764", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=725764" - }, - { - "name" : "openSUSE-SU-2012:0322", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-03/msg00002.html" - }, - { - "name" : "USN-1276-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1276-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2012:0322", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00002.html" + }, + { + "name": "20111007 Medium severity flaw with Ark", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2011/Oct/351" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=725764", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725764" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=708268", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=708268" + }, + { + "name": "http://packetstormsecurity.com/files/105610/Ark-2.16-Directory-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/105610/Ark-2.16-Directory-Traversal.html" + }, + { + "name": "USN-1276-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1276-1" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2897.json b/2011/2xxx/CVE-2011-2897.json index 547f8f2180f..d7fb7438050 100644 --- a/2011/2xxx/CVE-2011-2897.json +++ b/2011/2xxx/CVE-2011-2897.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2897", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2897", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3072.json b/2011/3xxx/CVE-2011-3072.json index 1d6dfc03f6b..16e3cb4322f 100644 --- a/2011/3xxx/CVE-2011-3072.json +++ b/2011/3xxx/CVE-2011-3072.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=118467", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=118467" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html" - }, - { - "name" : "GLSA-201204-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201204-03.xml" - }, - { - "name" : "52913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52913" - }, - { - "name" : "81042", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81042" - }, - { - "name" : "oval:org.mitre.oval:def:15480", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15480" - }, - { - "name" : "1026892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026892" - }, - { - "name" : "48732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48732" - }, - { - "name" : "48749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48749" - }, - { - "name" : "chrome-ppw-security-bypass(74632)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html" + }, + { + "name": "1026892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026892" + }, + { + "name": "52913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52913" + }, + { + "name": "oval:org.mitre.oval:def:15480", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15480" + }, + { + "name": "48749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48749" + }, + { + "name": "48732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48732" + }, + { + "name": "GLSA-201204-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-03.xml" + }, + { + "name": "chrome-ppw-security-bypass(74632)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74632" + }, + { + "name": "81042", + "refsource": "OSVDB", + "url": "http://osvdb.org/81042" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=118467", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=118467" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3217.json b/2011/3xxx/CVE-2011-3217.json index b2235b99902..2ada00f849c 100644 --- a/2011/3xxx/CVE-2011-3217.json +++ b/2011/3xxx/CVE-2011-3217.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "50085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "50085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50085" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3317.json b/2011/3xxx/CVE-2011-3317.json index 46eba8b5b10..eff4a27931e 100644 --- a/2011/3xxx/CVE-2011-3317.json +++ b/2011/3xxx/CVE-2011-3317.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-3317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt" - }, - { - "name" : "53436", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53436" - }, - { - "name" : "49101", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49101", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49101" + }, + { + "name": "53436", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53436" + }, + { + "name": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4445.json b/2011/4xxx/CVE-2011-4445.json index da76ed35a94..1adcc3b4630 100644 --- a/2011/4xxx/CVE-2011-4445.json +++ b/2011/4xxx/CVE-2011-4445.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4445", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4445", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4607.json b/2011/4xxx/CVE-2011-4607.json index 32853b682d8..f7be7832149 100644 --- a/2011/4xxx/CVE-2011-4607.json +++ b/2011/4xxx/CVE-2011-4607.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111212 CVE request: putty does not wipe keyboard-interactive replies from memory after authentication", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2011/q4/499" - }, - { - "name" : "[oss-security] 20111212 Re: CVE request: putty does not wipe keyboard-interactive replies from memory after authentication", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2011/q4/500" - }, - { - "name" : "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html", - "refsource" : "CONFIRM", - "url" : "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111212 Re: CVE request: putty does not wipe keyboard-interactive replies from memory after authentication", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2011/q4/500" + }, + { + "name": "[oss-security] 20111212 CVE request: putty does not wipe keyboard-interactive replies from memory after authentication", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2011/q4/499" + }, + { + "name": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html", + "refsource": "CONFIRM", + "url": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4831.json b/2011/4xxx/CVE-2011-4831.json index ba0ec59afb1..0d66400071c 100644 --- a/2011/4xxx/CVE-2011-4831.json +++ b/2011/4xxx/CVE-2011-4831.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18070", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18070", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18070" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4894.json b/2011/4xxx/CVE-2011-4894.json index cfddbddd5d5..cd028b11208 100644 --- a/2011/4xxx/CVE-2011-4894.json +++ b/2011/4xxx/CVE-2011-4894.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.torproject.org/blog/tor-02234-released-security-patches", - "refsource" : "CONFIRM", - "url" : "https://blog.torproject.org/blog/tor-02234-released-security-patches" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.torproject.org/blog/tor-02234-released-security-patches", + "refsource": "CONFIRM", + "url": "https://blog.torproject.org/blog/tor-02234-released-security-patches" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4933.json b/2011/4xxx/CVE-2011-4933.json index 52d61ce13a8..13b169508dc 100644 --- a/2011/4xxx/CVE-2011-4933.json +++ b/2011/4xxx/CVE-2011-4933.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4933", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0819. Reason: This candidate is a reservation duplicate of CVE-2012-0819. Notes: All CVE users should reference CVE-2012-0819 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4933", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0819. Reason: This candidate is a reservation duplicate of CVE-2012-0819. Notes: All CVE users should reference CVE-2012-0819 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1103.json b/2013/1xxx/CVE-2013-1103.json index 4e6c4f926f7..af6aba228cf 100644 --- a/2013/1xxx/CVE-2013-1103.json +++ b/2013/1xxx/CVE-2013-1103.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc" - }, - { - "name" : "57524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57524" - }, - { - "name" : "89530", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89530" - }, - { - "name" : "1028027", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028027" - }, - { - "name" : "51965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51965" + }, + { + "name": "57524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57524" + }, + { + "name": "89530", + "refsource": "OSVDB", + "url": "http://osvdb.org/89530" + }, + { + "name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc" + }, + { + "name": "1028027", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028027" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1876.json b/2013/1xxx/CVE-2013-1876.json index eea270f9675..babf8eaf367 100644 --- a/2013/1xxx/CVE-2013-1876.json +++ b/2013/1xxx/CVE-2013-1876.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1876", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2615. Reason: This candidate is a duplicate of CVE-2013-2615. Notes: All CVE users should reference CVE-2013-2615 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-1876", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2615. Reason: This candidate is a duplicate of CVE-2013-2615. Notes: All CVE users should reference CVE-2013-2615 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5132.json b/2013/5xxx/CVE-2013-5132.json index cdbaf9f938f..f24ee57bc68 100644 --- a/2013/5xxx/CVE-2013-5132.json +++ b/2013/5xxx/CVE-2013-5132.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple AirPort Base Station Firmware before 7.6.4 does not properly handle incorrect frame lengths, which allows remote attackers to cause a denial of service (device crash) by associating with the access point and then sending a short frame." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-5132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5920", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5920" - }, - { - "name" : "APPLE-SA-2013-09-06-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple AirPort Base Station Firmware before 7.6.4 does not properly handle incorrect frame lengths, which allows remote attackers to cause a denial of service (device crash) by associating with the access point and then sending a short frame." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-09-06-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5920", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5920" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5491.json b/2013/5xxx/CVE-2013-5491.json index e59b2793d68..6a6797eaa79 100644 --- a/2013/5xxx/CVE-2013-5491.json +++ b/2013/5xxx/CVE-2013-5491.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5491", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5491", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5650.json b/2013/5xxx/CVE-2013-5650.json index 9192c51ed88..7b19fac75c2 100644 --- a/2013/5xxx/CVE-2013-5650.json +++ b/2013/5xxx/CVE-2013-5650.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/InfoCenter/index?cmid=no&page=content&id=JSA10590", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?cmid=no&page=content&id=JSA10590" - }, - { - "name" : "97241", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97241" - }, - { - "name" : "54776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54776" - }, - { - "name" : "juniper-junos-cve20135650-dos(87063)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7.2r10, 7.3 before 7.3r6, and 7.4 before 7.4r3 and Junos Pulse Access Control Service (UAC) 4.1 before 4.1r8.1, 4.2 before 4.2r5, 4.3 before 4.3r6 and 4.4 before 4.4r3, when a hardware SSL acceleration card is enabled, allows remote attackers to cause a denial of service (device hang) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97241", + "refsource": "OSVDB", + "url": "http://osvdb.org/97241" + }, + { + "name": "juniper-junos-cve20135650-dos(87063)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87063" + }, + { + "name": "https://kb.juniper.net/InfoCenter/index?cmid=no&page=content&id=JSA10590", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?cmid=no&page=content&id=JSA10590" + }, + { + "name": "54776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54776" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5992.json b/2013/5xxx/CVE-2013-5992.json index 4ee897d2cee..d5a7cf52c78 100644 --- a/2013/5xxx/CVE-2013-5992.json +++ b/2013/5xxx/CVE-2013-5992.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-5992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ec-cube.net/info/weakness/weakness.php?id=54", - "refsource" : "CONFIRM", - "url" : "http://www.ec-cube.net/info/weakness/weakness.php?id=54" - }, - { - "name" : "JVN#38790987", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN38790987/index.html" - }, - { - "name" : "JVNDB-2013-000105", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=54", + "refsource": "CONFIRM", + "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54" + }, + { + "name": "JVNDB-2013-000105", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105" + }, + { + "name": "JVN#38790987", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN38790987/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2269.json b/2014/2xxx/CVE-2014-2269.json index 96bcf9e88d1..e51e0e6637c 100644 --- a/2014/2xxx/CVE-2014-2269.json +++ b/2014/2xxx/CVE-2014-2269.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Vtigercrm-developers] 20140316 IMP: forgot password and re-installation security fix", - "refsource" : "MLIST", - "url" : "http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html" - }, - { - "name" : "66758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66758" + }, + { + "name": "[Vtigercrm-developers] 20140316 IMP: forgot password and re-installation security fix", + "refsource": "MLIST", + "url": "http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2279.json b/2014/2xxx/CVE-2014-2279.json index 6fc8f5674b1..6bc6ca7f10b 100644 --- a/2014/2xxx/CVE-2014-2279.json +++ b/2014/2xxx/CVE-2014-2279.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. (dot dot) in the logname parameter to out/out.LogManagement.php or (2) remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to op/op.AddFile2.php. NOTE: vector 2 can be leveraged to execute arbitrary code by using CVE-2014-2278." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140314 Multiple Vulnerabilities in SeedDMS < = 4.3.3", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-03/0101.html" - }, - { - "name" : "http://packetstormsecurity.com/files/125726", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125726" - }, - { - "name" : "http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG" - }, - { - "name" : "66256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66256" - }, - { - "name" : "104466", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/104466" - }, - { - "name" : "seeddms-cve20142279-dir-trav(91831)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. (dot dot) in the logname parameter to out/out.LogManagement.php or (2) remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to op/op.AddFile2.php. NOTE: vector 2 can be leveraged to execute arbitrary code by using CVE-2014-2278." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104466", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/104466" + }, + { + "name": "20140314 Multiple Vulnerabilities in SeedDMS < = 4.3.3", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0101.html" + }, + { + "name": "http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG" + }, + { + "name": "seeddms-cve20142279-dir-trav(91831)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91831" + }, + { + "name": "http://packetstormsecurity.com/files/125726", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125726" + }, + { + "name": "66256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66256" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2626.json b/2014/2xxx/CVE-2014-2626.json index eeb954e79c4..136a35bdd47 100644 --- a/2014/2xxx/CVE-2014-2626.json +++ b/2014/2xxx/CVE-2014-2626.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-2626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-14-268/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-14-268/" - }, - { - "name" : "HPSBMU03073", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202" - }, - { - "name" : "SSRT101359", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202" - }, - { - "name" : "1030624", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030624" - }, - { - "name" : "60418", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030624", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030624" + }, + { + "name": "60418", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60418" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-14-268/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-14-268/" + }, + { + "name": "HPSBMU03073", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202" + }, + { + "name": "SSRT101359", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2956.json b/2014/2xxx/CVE-2014-2956.json index 27b81671cda..35d5c979569 100644 --- a/2014/2xxx/CVE-2014-2956.json +++ b/2014/2xxx/CVE-2014-2956.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search toolbar before 18.1.7.598 and AVG Safeguard before 18.1.7.644 does not implement domain-based access control for method calls, which allows remote attackers to trigger the downloading and execution of arbitrary programs via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-2956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#960193", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/960193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search toolbar before 18.1.7.598 and AVG Safeguard before 18.1.7.644 does not implement domain-based access control for method calls, which allows remote attackers to trigger the downloading and execution of arbitrary programs via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#960193", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/960193" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2966.json b/2014/2xxx/CVE-2014-2966.json index b0156e1505e..455e956a705 100644 --- a/2014/2xxx/CVE-2014-2966.json +++ b/2014/2xxx/CVE-2014-2966.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-2966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://caucho.com/products/resin/download#download", - "refsource" : "CONFIRM", - "url" : "http://caucho.com/products/resin/download#download" - }, - { - "name" : "VU#162308", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/162308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#162308", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/162308" + }, + { + "name": "http://caucho.com/products/resin/download#download", + "refsource": "CONFIRM", + "url": "http://caucho.com/products/resin/download#download" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6060.json b/2014/6xxx/CVE-2014-6060.json index 2590a9e9f66..9331bd0f2a5 100644 --- a/2014/6xxx/CVE-2014-6060.json +++ b/2014/6xxx/CVE-2014-6060.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140730 CVE Request: dhcpcd DoS attack", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/30/5" - }, - { - "name" : "[oss-security] 20140901 CVE Request: dhcpcd DoS attack", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/01/11" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0334.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0334.html" - }, - { - "name" : "http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0", - "refsource" : "CONFIRM", - "url" : "http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0" - }, - { - "name" : "http://source.android.com/security/bulletin/2016-04-02.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-04-02.html" - }, - { - "name" : "MDVSA-2014:171", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:171" - }, - { - "name" : "SSA:2014-213-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.462420" - }, - { - "name" : "68970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2014:171", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:171" + }, + { + "name": "SSA:2014-213-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.462420" + }, + { + "name": "[oss-security] 20140901 CVE Request: dhcpcd DoS attack", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/01/11" + }, + { + "name": "[oss-security] 20140730 CVE Request: dhcpcd DoS attack", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/30/5" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0334.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0334.html" + }, + { + "name": "http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0", + "refsource": "CONFIRM", + "url": "http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0" + }, + { + "name": "68970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68970" + }, + { + "name": "http://source.android.com/security/bulletin/2016-04-02.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-04-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6457.json b/2014/6xxx/CVE-2014-6457.json index 6c3c8a91694..b90db56b07f 100644 --- a/2014/6xxx/CVE-2014-6457.json +++ b/2014/6xxx/CVE-2014-6457.json @@ -1,297 +1,297 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1633.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1633.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1634.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1634.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1636", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1636" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688283", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688283" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692299", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692299" - }, - { - "name" : "DSA-3077", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3077" - }, - { - "name" : "DSA-3080", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3080" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03218", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141775382904016&w=2" - }, - { - "name" : "SSRT101770", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141775382904016&w=2" - }, - { - "name" : "RHSA-2014:1620", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1620.html" - }, - { - "name" : "RHSA-2014:1633", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1633.html" - }, - { - "name" : "RHSA-2014:1634", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1634.html" - }, - { - "name" : "RHSA-2014:1636", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1636.html" - }, - { - "name" : "RHSA-2014:1657", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1657.html" - }, - { - "name" : "RHSA-2014:1658", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1658.html" - }, - { - "name" : "RHSA-2014:1876", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1876.html" - }, - { - "name" : "RHSA-2014:1877", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1877.html" - }, - { - "name" : "RHSA-2014:1880", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1880.html" - }, - { - "name" : "RHSA-2014:1881", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1881.html" - }, - { - "name" : "RHSA-2014:1882", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1882.html" - }, - { - "name" : "RHSA-2015:0264", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html" - }, - { - "name" : "SUSE-SU-2014:1422", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00013.html" - }, - { - "name" : "SUSE-SU-2014:1526", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html" - }, - { - "name" : "SUSE-SU-2014:1549", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html" - }, - { - "name" : "SUSE-SU-2015:0344", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" - }, - { - "name" : "SUSE-SU-2015:0345", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html" - }, - { - "name" : "SUSE-SU-2015:0376", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" - }, - { - "name" : "SUSE-SU-2015:0392", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" - }, - { - "name" : "USN-2386-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2386-1" - }, - { - "name" : "USN-2388-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2388-1" - }, - { - "name" : "USN-2388-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2388-2" - }, - { - "name" : "70538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70538" - }, - { - "name" : "60414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60414" - }, - { - "name" : "60416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60416" - }, - { - "name" : "60417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60417" - }, - { - "name" : "61018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61018" - }, - { - "name" : "61020", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61020" - }, - { - "name" : "61143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61143" - }, - { - "name" : "61629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61629" - }, - { - "name" : "61631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61631" - }, - { - "name" : "61163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61163" - }, - { - "name" : "61164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61164" - }, - { - "name" : "61346", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61346" - }, - { - "name" : "61609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61609" - }, - { - "name" : "61928", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61928" - }, - { - "name" : "61635", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60414" + }, + { + "name": "RHSA-2014:1880", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html" + }, + { + "name": "RHSA-2014:1657", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1657.html" + }, + { + "name": "RHSA-2014:1877", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html" + }, + { + "name": "61609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61609" + }, + { + "name": "61928", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61928" + }, + { + "name": "61163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61163" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283" + }, + { + "name": "USN-2386-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2386-1" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1633.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1633.html" + }, + { + "name": "USN-2388-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2388-1" + }, + { + "name": "HPSBUX03218", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141775382904016&w=2" + }, + { + "name": "RHSA-2014:1881", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1881.html" + }, + { + "name": "61629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61629" + }, + { + "name": "SUSE-SU-2014:1549", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html" + }, + { + "name": "61018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61018" + }, + { + "name": "SUSE-SU-2015:0376", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" + }, + { + "name": "RHSA-2014:1876", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1634.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1634.html" + }, + { + "name": "61346", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61346" + }, + { + "name": "RHSA-2015:0264", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html" + }, + { + "name": "RHSA-2014:1634", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1634.html" + }, + { + "name": "USN-2388-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2388-2" + }, + { + "name": "SUSE-SU-2014:1422", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00013.html" + }, + { + "name": "DSA-3080", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3080" + }, + { + "name": "SUSE-SU-2015:0392", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" + }, + { + "name": "70538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70538" + }, + { + "name": "SUSE-SU-2014:1526", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html" + }, + { + "name": "SUSE-SU-2015:0345", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html" + }, + { + "name": "60416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60416" + }, + { + "name": "RHSA-2014:1882", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html" + }, + { + "name": "RHSA-2014:1633", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1633.html" + }, + { + "name": "RHSA-2014:1636", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1636.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "RHSA-2014:1658", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1658.html" + }, + { + "name": "61164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61164" + }, + { + "name": "61635", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61635" + }, + { + "name": "SSRT101770", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141775382904016&w=2" + }, + { + "name": "DSA-3077", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3077" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1636", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1636" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299" + }, + { + "name": "61020", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61020" + }, + { + "name": "61143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61143" + }, + { + "name": "SUSE-SU-2015:0344", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" + }, + { + "name": "60417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60417" + }, + { + "name": "61631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61631" + }, + { + "name": "RHSA-2014:1620", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1620.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0312.json b/2017/0xxx/CVE-2017-0312.json index ffa86b70f08..b2818fb7740 100644 --- a/2017/0xxx/CVE-2017-0312.json +++ b/2017/0xxx/CVE-2017-0312.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2017-0312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit for a loop may lead to denial of service or potential escalation of privileges" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service, Escalation of Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2017-0312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41364", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41364/" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit for a loop may lead to denial of service or potential escalation of privileges" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service, Escalation of Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" + }, + { + "name": "41364", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41364/" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0325.json b/2017/0xxx/CVE-2017-0325.json index 0c634d252c7..6d56dfd4aab 100644 --- a/2017/0xxx/CVE-2017-0325.json +++ b/2017/0xxx/CVE-2017-0325.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2017-0325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10, Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the NVIDIA I2C HID driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10 and Kernel 3.18. Android ID: A-33040280. References: N-CVE-2017-0325." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2017-0325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10, Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01.html" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" - }, - { - "name" : "97350", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97350" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the NVIDIA I2C HID driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10 and Kernel 3.18. Android ID: A-33040280. References: N-CVE-2017-0325." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97350", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97350" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" + }, + { + "name": "https://source.android.com/security/bulletin/2017-04-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01.html" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0604.json b/2017/0xxx/CVE-2017-0604.json index 11d2410b5a7..a54acc33ef5 100644 --- a/2017/0xxx/CVE-2017-0604.json +++ b/2017/0xxx/CVE-2017-0604.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98151" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0925.json b/2017/0xxx/CVE-2017-0925.json index 5e65a4a634f..6781fdc3fe5 100644 --- a/2017/0xxx/CVE-2017-0925.json +++ b/2017/0xxx/CVE-2017-0925.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2017-0925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GitLab Community and Enterprise Editions", - "version" : { - "version_data" : [ - { - "version_value" : "8.10.6 - 10.1.5 Fixed in 10.1.6" - }, - { - "version_value" : "10.2.0 - 10.2.5 Fixed in 10.2.6" - }, - { - "version_value" : "10.3.0 - 10.3.3 Fixed in 10.3.4" - } - ] - } - } - ] - }, - "vendor_name" : "GitLab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficiently Protected Credentials (CWE-522)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2017-0925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GitLab Community and Enterprise Editions", + "version": { + "version_data": [ + { + "version_value": "8.10.6 - 10.1.5 Fixed in 10.1.6" + }, + { + "version_value": "10.2.0 - 10.2.5 Fixed in 10.2.6" + }, + { + "version_value": "10.3.0 - 10.3.3 Fixed in 10.3.4" + } + ] + } + } + ] + }, + "vendor_name": "GitLab" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", - "refsource" : "CONFIRM", - "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" - }, - { - "name" : "https://gitlab.com/gitlab-org/gitlab-ee/issues/3847", - "refsource" : "CONFIRM", - "url" : "https://gitlab.com/gitlab-org/gitlab-ee/issues/3847" - }, - { - "name" : "DSA-4145", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficiently Protected Credentials (CWE-522)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4145", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4145" + }, + { + "name": "https://gitlab.com/gitlab-org/gitlab-ee/issues/3847", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/3847" + }, + { + "name": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", + "refsource": "CONFIRM", + "url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000369.json b/2017/1000xxx/CVE-2017-1000369.json index 11c60cba2ca..4469202cc70 100644 --- a/2017/1000xxx/CVE-2017-1000369.json +++ b/2017/1000xxx/CVE-2017-1000369.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1000369", - "REQUESTER" : "qsa@qualys.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Exim", - "version" : { - "version_data" : [ - { - "version_value" : "4.89" - } - ] - } - } - ] - }, - "vendor_name" : "Exim Internet Mailer" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Exim supports the use of multiple \"-p\" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1000369", + "REQUESTER": "qsa@qualys.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21", - "refsource" : "MISC", - "url" : "https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21" - }, - { - "name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", - "refsource" : "MISC", - "url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" - }, - { - "name" : "https://access.redhat.com/security/cve/CVE-2017-1000369", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/security/cve/CVE-2017-1000369" - }, - { - "name" : "DSA-3888", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3888" - }, - { - "name" : "GLSA-201709-19", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-19" - }, - { - "name" : "99252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99252" - }, - { - "name" : "1038779", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Exim supports the use of multiple \"-p\" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21", + "refsource": "MISC", + "url": "https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21" + }, + { + "name": "1038779", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038779" + }, + { + "name": "99252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99252" + }, + { + "name": "https://access.redhat.com/security/cve/CVE-2017-1000369", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/cve/CVE-2017-1000369" + }, + { + "name": "GLSA-201709-19", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-19" + }, + { + "name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", + "refsource": "MISC", + "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" + }, + { + "name": "DSA-3888", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3888" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16666.json b/2017/16xxx/CVE-2017-16666.json index 897f89835f7..29f51c29c8a 100644 --- a/2017/16xxx/CVE-2017-16666.json +++ b/2017/16xxx/CVE-2017-16666.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43430", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43430/" - }, - { - "name" : "http://packetstormsecurity.com/files/145639/Xplico-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145639/Xplico-Remote-Code-Execution.html" - }, - { - "name" : "http://www.rapid7.com/db/modules/exploit/linux/http/xplico_exec", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/db/modules/exploit/linux/http/xplico_exec" - }, - { - "name" : "https://pentest.blog/advisory-xplico-unauthenticated-remote-code-execution-cve-2017-16666/", - "refsource" : "MISC", - "url" : "https://pentest.blog/advisory-xplico-unauthenticated-remote-code-execution-cve-2017-16666/" - }, - { - "name" : "http://blog.securityonion.net/2017/11/security-advisory-for-xplico-120.html", - "refsource" : "CONFIRM", - "url" : "http://blog.securityonion.net/2017/11/security-advisory-for-xplico-120.html" - }, - { - "name" : "https://www.xplico.org/archives/1538", - "refsource" : "CONFIRM", - "url" : "https://www.xplico.org/archives/1538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/145639/Xplico-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145639/Xplico-Remote-Code-Execution.html" + }, + { + "name": "http://blog.securityonion.net/2017/11/security-advisory-for-xplico-120.html", + "refsource": "CONFIRM", + "url": "http://blog.securityonion.net/2017/11/security-advisory-for-xplico-120.html" + }, + { + "name": "https://www.xplico.org/archives/1538", + "refsource": "CONFIRM", + "url": "https://www.xplico.org/archives/1538" + }, + { + "name": "https://pentest.blog/advisory-xplico-unauthenticated-remote-code-execution-cve-2017-16666/", + "refsource": "MISC", + "url": "https://pentest.blog/advisory-xplico-unauthenticated-remote-code-execution-cve-2017-16666/" + }, + { + "name": "43430", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43430/" + }, + { + "name": "http://www.rapid7.com/db/modules/exploit/linux/http/xplico_exec", + "refsource": "MISC", + "url": "http://www.rapid7.com/db/modules/exploit/linux/http/xplico_exec" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16712.json b/2017/16xxx/CVE-2017-16712.json index 646f3db0061..86ff8fd8434 100644 --- a/2017/16xxx/CVE-2017-16712.json +++ b/2017/16xxx/CVE-2017-16712.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16712", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16712", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1128.json b/2017/1xxx/CVE-2017-1128.json index 9087f9ee9e8..ba71a94c36d 100644 --- a/2017/1xxx/CVE-2017-1128.json +++ b/2017/1xxx/CVE-2017-1128.json @@ -1,103 +1,103 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational DOORS Next Generation", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational DOORS Next Generation", + "version": { + "version_data": [ + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21996645", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21996645" - }, - { - "name" : "96017", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96017", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96017" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21996645", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21996645" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1777.json b/2017/1xxx/CVE-2017-1777.json index cca2020f0ac..a5542ea8070 100644 --- a/2017/1xxx/CVE-2017-1777.json +++ b/2017/1xxx/CVE-2017-1777.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1777", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1777", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1867.json b/2017/1xxx/CVE-2017-1867.json index f2bc0c5e64f..55ae2d87b8a 100644 --- a/2017/1xxx/CVE-2017-1867.json +++ b/2017/1xxx/CVE-2017-1867.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1867", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1867", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1916.json b/2017/1xxx/CVE-2017-1916.json index 4b9b7ede457..2c3df2785f1 100644 --- a/2017/1xxx/CVE-2017-1916.json +++ b/2017/1xxx/CVE-2017-1916.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1916", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1916", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1965.json b/2017/1xxx/CVE-2017-1965.json index 78b6f294ada..d974e4fd0fa 100644 --- a/2017/1xxx/CVE-2017-1965.json +++ b/2017/1xxx/CVE-2017-1965.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1965", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1965", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4206.json b/2017/4xxx/CVE-2017-4206.json index a442675e8c4..2b48dd13125 100644 --- a/2017/4xxx/CVE-2017-4206.json +++ b/2017/4xxx/CVE-2017-4206.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4206", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4206", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4207.json b/2017/4xxx/CVE-2017-4207.json index 54832f7ca43..f5e11a78211 100644 --- a/2017/4xxx/CVE-2017-4207.json +++ b/2017/4xxx/CVE-2017-4207.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4207", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4207", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4609.json b/2017/4xxx/CVE-2017-4609.json index 0bc9178bc00..4e679df235f 100644 --- a/2017/4xxx/CVE-2017-4609.json +++ b/2017/4xxx/CVE-2017-4609.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4609", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4609", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4814.json b/2017/4xxx/CVE-2017-4814.json index 0f07c616f28..61c97776b3f 100644 --- a/2017/4xxx/CVE-2017-4814.json +++ b/2017/4xxx/CVE-2017-4814.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4814", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4814", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4866.json b/2017/4xxx/CVE-2017-4866.json index a0e8108149a..7c0ba31ef03 100644 --- a/2017/4xxx/CVE-2017-4866.json +++ b/2017/4xxx/CVE-2017-4866.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4866", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4866", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5571.json b/2018/5xxx/CVE-2018-5571.json index 94614005ffb..6523baf1616 100644 --- a/2018/5xxx/CVE-2018-5571.json +++ b/2018/5xxx/CVE-2018-5571.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-5571", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-5571", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file