diff --git a/2006/0xxx/CVE-2006-0985.json b/2006/0xxx/CVE-2006-0985.json
index 1463a1afabe..00c3b5ec2cc 100644
--- a/2006/0xxx/CVE-2006-0985.json
+++ b/2006/0xxx/CVE-2006-0985.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the \"post comment\" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060227 WordPress 2.0.1 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426304/100/0/threaded" - }, - { - "name" : "20060228 FW: WordPress 2.0.1 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426504/100/0/threaded" - }, - { - "name" : "20060302 Re: FW: WordPress 2.0.1 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/426574/100/0/threaded" - }, - { - "name" : "http://NeoSecurityTeam.net/advisories/Advisory-17.txt", - "refsource" : "MISC", - "url" : "http://NeoSecurityTeam.net/advisories/Advisory-17.txt" - }, - { 
- "name" : "ADV-2006-0777", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0777" - }, - { - "name" : "19050", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19050" - }, - { - "name" : "wordpress-wpcommentspost-xss(24957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the \"post comment\" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wordpress-wpcommentspost-xss(24957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24957" + }, + { + "name": "http://NeoSecurityTeam.net/advisories/Advisory-17.txt", + "refsource": "MISC", + "url": "http://NeoSecurityTeam.net/advisories/Advisory-17.txt" + }, + { + "name": "19050", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19050" + }, + { + "name": "20060227 WordPress 2.0.1 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426304/100/0/threaded" + }, + { + "name": "ADV-2006-0777", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0777" + }, + { + "name": "20060302 Re: FW: WordPress 2.0.1 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/426574/100/0/threaded" + }, + { + "name": "20060228 FW: WordPress 2.0.1 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/426504/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3180.json b/2006/3xxx/CVE-2006-3180.json index a21e31da721..8e565cca78a 100644 --- a/2006/3xxx/CVE-2006-3180.json +++ b/2006/3xxx/CVE-2006-3180.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx Pro 3.0 allows remote attackers to inject arbitrary web script or HTML via the path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060614 Confixx <= 3", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-06/0383.html" - }, - { - "name" : "18426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18426" - }, - { - "name" : "ADV-2006-2429", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2429" - }, - { - "name" : "26629", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26629" - }, - { - "name" : "20728", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20728" - }, - { - "name" : "confixx-multiple-xss(27222)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx Pro 3.0 allows remote attackers to inject arbitrary web script or HTML via the path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "confixx-multiple-xss(27222)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27222" + }, + { + "name": "20060614 Confixx <= 3", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-06/0383.html" + }, + { + "name": "ADV-2006-2429", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2429" + }, + { + "name": "18426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18426" + }, + { + "name": "20728", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20728" + }, + { + "name": "26629", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26629" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3565.json b/2006/3xxx/CVE-2006-3565.json index 42f86d0ad98..4834ba95ef5 100644 --- a/2006/3xxx/CVE-2006-3565.json +++ b/2006/3xxx/CVE-2006-3565.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.results.php in HiveMail 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the fields[] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/07/hivemail-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/07/hivemail-vuln.html" - }, - { - "name" : "18949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18949" - }, - { - "name" : "27099", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27099" - }, - { - "name" : "1016531", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016531" - }, - { - "name" : "20993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20993" - }, - { - "name" : "hivemail-searchresults-sql-injection(27694)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27694" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.results.php in HiveMail 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the fields[] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18949" + }, + { + "name": "hivemail-searchresults-sql-injection(27694)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27694" + }, + { + "name": "1016531", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016531" + }, + { + "name": "http://pridels0.blogspot.com/2006/07/hivemail-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/07/hivemail-vuln.html" + }, + { + "name": "20993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20993" + }, + { + "name": "27099", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27099" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3870.json b/2006/3xxx/CVE-2006-3870.json index 5f5118abdd3..09c78bd7695 100644 --- a/2006/3xxx/CVE-2006-3870.json +++ b/2006/3xxx/CVE-2006-3870.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3870", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-3870", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4007.json b/2006/4xxx/CVE-2006-4007.json index d90631f4c4e..ce01baeeed4 100644 --- a/2006/4xxx/CVE-2006-4007.json +++ b/2006/4xxx/CVE-2006-4007.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in Knusperleicht Guestbook 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the GB_PATH parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060801 [Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441810/100/0/threaded" - }, - { - "name" : "19274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19274" - }, - { - "name" : "1333", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1333" - }, - { - "name" : "guestbook-index-file-include(28133)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability 
in index.php in Knusperleicht Guestbook 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the GB_PATH parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060801 [Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441810/100/0/threaded" + }, + { + "name": "1333", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1333" + }, + { + "name": "guestbook-index-file-include(28133)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28133" + }, + { + "name": "19274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19274" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4171.json b/2006/4xxx/CVE-2006-4171.json index 99e2970078a..70476591107 100644 --- a/2006/4xxx/CVE-2006-4171.json +++ b/2006/4xxx/CVE-2006-4171.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4171", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4171", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4516.json b/2006/4xxx/CVE-2006-4516.json index c96adae0a27..7d22d4acea9 100644 --- a/2006/4xxx/CVE-2006-4516.json +++ b/2006/4xxx/CVE-2006-4516.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service (memory corruption and kernel panic) via a PT_LWPINFO ptrace command with a large negative data value that satisfies a signed maximum value check but is used in an unsigned copyout function call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061010 FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=419" - }, - { - "name" : "20440", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20440" - }, - { - "name" : "22367", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22367" - }, - { - "name" : "freebsd-ptlwpinfo-ptrace-dos(29476)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service (memory corruption and kernel panic) via a PT_LWPINFO ptrace command with a large negative data value that satisfies a signed maximum value check but is used in an unsigned copyout function call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22367", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22367" + }, + { + "name": "20061010 FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=419" + }, + { + "name": "20440", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20440" + }, + { + "name": "freebsd-ptlwpinfo-ptrace-dos(29476)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29476" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6347.json b/2006/6xxx/CVE-2006-6347.json index 0d5da07cd2c..1f1d3c62bd4 100644 --- a/2006/6xxx/CVE-2006-6347.json +++ b/2006/6xxx/CVE-2006-6347.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. NOTE: this can be leveraged with CVE-2006-1412 to create a remote unauthenticated vector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061204 Multiple bugs in TFT-Gallery", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453471/100/0/threaded" - }, - { - "name" : "1983", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1983" - }, - { - "name" : "tftgallery-extension-file-upload(30731)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators 
to upload arbitrary .php files, possibly using admin/index.php. NOTE: this can be leveraged with CVE-2006-1412 to create a remote unauthenticated vector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061204 Multiple bugs in TFT-Gallery", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453471/100/0/threaded" + }, + { + "name": "tftgallery-extension-file-upload(30731)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30731" + }, + { + "name": "1983", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1983" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6433.json b/2006/6xxx/CVE-2006-6433.json index bc260bd88bd..ac50d4ab72d 100644 --- a/2006/6xxx/CVE-2006-6433.json +++ b/2006/6xxx/CVE-2006-6433.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 does not record accurate timestamps, which makes it easier for remote attackers to avoid detection when an audit tries to rely on these timestamps." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf" - }, - { - "name" : "ADV-2006-4791", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4791" - }, - { - "name" : "23265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x 
before 14.060.17.000 does not record accurate timestamps, which makes it easier for remote attackers to avoid detection when an audit tries to rely on these timestamps." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf" + }, + { + "name": "23265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23265" + }, + { + "name": "ADV-2006-4791", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4791" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6930.json b/2006/6xxx/CVE-2006-6930.json index 58445de1ef7..af07741f4e0 100644 --- a/2006/6xxx/CVE-2006-6930.json +++ b/2006/6xxx/CVE-2006-6930.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061119 Rapid Classified v3.1 [multiple xss (get) & injection sql]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452088/100/0/threaded" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=44", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=44" - }, - { - "name" : "21197", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21197" - }, - { - "name" : "ADV-2006-4632", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4632" - }, - { - "name" : "22985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22985" - }, - { - "name" : "2142", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2142" - }, - { 
- "name" : "rapidclassified-viewad-sql-injection(30449)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4632", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4632" + }, + { + "name": "22985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22985" + }, + { + "name": "rapidclassified-viewad-sql-injection(30449)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30449" + }, + { + "name": "21197", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21197" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=44", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=44" + }, + { + "name": "2142", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2142" + }, + { + "name": "20061119 Rapid Classified v3.1 [multiple xss (get) & injection sql]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452088/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7044.json b/2006/7xxx/CVE-2006-7044.json index faa585d20e3..320cfa6d13d 100644 --- a/2006/7xxx/CVE-2006-7044.json +++ b/2006/7xxx/CVE-2006-7044.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in comment.core.inc.php in Clan Manager Pro (CMPRO) 1.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sx02.coresec.de/advisories/150.txt", - "refsource" : "MISC", - "url" : "http://sx02.coresec.de/advisories/150.txt" - }, - { - "name" : "ADV-2006-2195", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2195" - }, - { - "name" : "26223", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26223" - }, - { - "name" : "cmpro-comment-file-include(27059)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in comment.core.inc.php in 
Clan Manager Pro (CMPRO) 1.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26223", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26223" + }, + { + "name": "cmpro-comment-file-include(27059)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27059" + }, + { + "name": "http://sx02.coresec.de/advisories/150.txt", + "refsource": "MISC", + "url": "http://sx02.coresec.de/advisories/150.txt" + }, + { + "name": "ADV-2006-2195", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2195" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2040.json b/2010/2xxx/CVE-2010-2040.json index fdebf3561eb..43b5322285c 100644 --- a/2010/2xxx/CVE-2010-2040.json +++ b/2010/2xxx/CVE-2010-2040.json 
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-2040",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in search.php in V-EVA Shopzilla Affiliate Script PHP allows remote attackers to inject arbitrary web script or HTML via the s parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-2040",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.packetstormsecurity.org/1005-exploits/shopzillaas-xss.txt",
- "refsource" : "MISC",
- "url" : "http://www.packetstormsecurity.org/1005-exploits/shopzillaas-xss.txt"
- },
- {
- "name" : "40246",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/40246"
- },
- {
- "name" : "64746",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/64746"
- },
- {
- "name" : "39877",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/39877"
- },
- {
- "name" : "shopzilla-search-xss(58749)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58749"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in search.php in V-EVA Shopzilla Affiliate Script PHP allows remote attackers to inject arbitrary web script or HTML via the s parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "shopzilla-search-xss(58749)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58749"
+ },
+ {
+ "name": "http://www.packetstormsecurity.org/1005-exploits/shopzillaas-xss.txt",
+ "refsource": "MISC",
+ "url": "http://www.packetstormsecurity.org/1005-exploits/shopzillaas-xss.txt"
+ },
+ {
+ "name": "40246",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/40246"
+ },
+ {
+ "name": "64746",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/64746"
+ },
+ {
+ "name": "39877",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/39877"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/2xxx/CVE-2010-2335.json b/2010/2xxx/CVE-2010-2335.json
index 3298693b1f5..bdb6ca1ce70 100644
--- a/2010/2xxx/CVE-2010-2335.json
+++ b/2010/2xxx/CVE-2010-2335.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-2335",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-2335",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "13845",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/13845"
- },
- {
- "name" : "http://www.yamamah.org/home/?page=39",
- "refsource" : "MISC",
- "url" : "http://www.yamamah.org/home/?page=39"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "13845",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/13845"
+ },
+ {
+ "name": "http://www.yamamah.org/home/?page=39",
+ "refsource": "MISC",
+ "url": "http://www.yamamah.org/home/?page=39"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/2xxx/CVE-2010-2474.json b/2010/2xxx/CVE-2010-2474.json
index 70a4678aa86..dcfd9fe4c19 100644
--- a/2010/2xxx/CVE-2010-2474.json
+++ b/2010/2xxx/CVE-2010-2474.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-2474",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2010-2474",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=609442",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=609442"
- },
- {
- "name" : "https://jira.jboss.org/browse/JBESB-3345",
- "refsource" : "CONFIRM",
- "url" : "https://jira.jboss.org/browse/JBESB-3345"
- },
- {
- "name" : "40568",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/40568"
- },
- {
- "name" : "40681",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/40681"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "40568",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/40568"
+ },
+ {
+ "name": "40681",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/40681"
+ },
+ {
+ "name": "https://jira.jboss.org/browse/JBESB-3345",
+ "refsource": "CONFIRM",
+ "url": "https://jira.jboss.org/browse/JBESB-3345"
+ },
+ {
+ "name": "http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=609442",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=609442"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/2xxx/CVE-2010-2540.json b/2010/2xxx/CVE-2010-2540.json
index 3b316f8a5bf..b0a90361343 100644
--- a/2010/2xxx/CVE-2010-2540.json
+++ b/2010/2xxx/CVE-2010-2540.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-2540",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2010-2540",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[mapserver-users] 20100709 MapServer 5.6.4 and 4.10.6 released with important security fixes",
- "refsource" : "MLIST",
- "url" : "http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html"
- },
- {
- "name" : "[oss-security] 20100721 CVE id request: mapserver",
- "refsource" : "MLIST",
- "url" : "http://marc.info/?l=oss-security&m=127973381215859&w=2"
- },
- {
- "name" : "[oss-security] 20100721 Re: CVE id request: mapserver",
- "refsource" : "MLIST",
- "url" : "http://marc.info/?l=oss-security&m=127973754121922&w=2"
- },
- {
- "name" : "http://trac.osgeo.org/mapserver/ticket/3485",
- "refsource" : "CONFIRM",
- "url" : "http://trac.osgeo.org/mapserver/ticket/3485"
- },
- {
- "name" : "41855",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/41855"
- },
- {
- "name" : "mapserver-cgi-code-execution(60852)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60852"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[mapserver-users] 20100709 MapServer 5.6.4 and 4.10.6 released with important security fixes",
+ "refsource": "MLIST",
+ "url": "http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html"
+ },
+ {
+ "name": "41855",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/41855"
+ },
+ {
+ "name": "http://trac.osgeo.org/mapserver/ticket/3485",
+ "refsource": "CONFIRM",
+ "url": "http://trac.osgeo.org/mapserver/ticket/3485"
+ },
+ {
+ "name": "[oss-security] 20100721 Re: CVE id request: mapserver",
+ "refsource": "MLIST",
+ "url": "http://marc.info/?l=oss-security&m=127973754121922&w=2"
+ },
+ {
+ "name": "mapserver-cgi-code-execution(60852)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60852"
+ },
+ {
+ "name": "[oss-security] 20100721 CVE id request: mapserver",
+ "refsource": "MLIST",
+ "url": "http://marc.info/?l=oss-security&m=127973381215859&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/3xxx/CVE-2010-3348.json b/2010/3xxx/CVE-2010-3348.json
index 6b5c6aa726f..a58b0bca3df 100644
--- a/2010/3xxx/CVE-2010-3348.json
+++ b/2010/3xxx/CVE-2010-3348.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-3348",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka \"Cross-Domain Information Disclosure Vulnerability,\" a different vulnerability than CVE-2010-3342."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2010-3348",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "MS10-090",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090"
- },
- {
- "name" : "oval:org.mitre.oval:def:12055",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12055"
- },
- {
- "name" : "1024872",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1024872"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka \"Cross-Domain Information Disclosure Vulnerability,\" a different vulnerability than CVE-2010-3342."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "MS10-090",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:12055",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12055"
+ },
+ {
+ "name": "1024872",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1024872"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/0xxx/CVE-2011-0452.json b/2011/0xxx/CVE-2011-0452.json
index 9618737e93c..a507927a35f 100644
--- a/2011/0xxx/CVE-2011-0452.json
+++ b/2011/0xxx/CVE-2011-0452.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-0452",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Untrusted search path vulnerability in the script function in Lunascape before 6.4.3 allows local users to gain privileges via a Trojan horse executable file in the current working directory."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2011-0452",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://lunapedia.lunascape.jp/index.php?title=Lunascape6#2011.2F02.2F18_ver_6.4.3",
- "refsource" : "CONFIRM",
- "url" : "http://lunapedia.lunascape.jp/index.php?title=Lunascape6#2011.2F02.2F18_ver_6.4.3"
- },
- {
- "name" : "JVN#38362957",
- "refsource" : "JVN",
- "url" : "http://jvn.jp/en/jp/JVN38362957/"
- },
- {
- "name" : "JVNDB-2011-000012",
- "refsource" : "JVNDB",
- "url" : "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000012.html"
- },
- {
- "name" : "43441",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/43441"
- },
- {
- "name" : "lunascape-dll-code-execution(65592)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65592"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Untrusted search path vulnerability in the script function in Lunascape before 6.4.3 allows local users to gain privileges via a Trojan horse executable file in the current working directory."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "JVN#38362957",
+ "refsource": "JVN",
+ "url": "http://jvn.jp/en/jp/JVN38362957/"
+ },
+ {
+ "name": "http://lunapedia.lunascape.jp/index.php?title=Lunascape6#2011.2F02.2F18_ver_6.4.3",
+ "refsource": "CONFIRM",
+ "url": "http://lunapedia.lunascape.jp/index.php?title=Lunascape6#2011.2F02.2F18_ver_6.4.3"
+ },
+ {
+ "name": "43441",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/43441"
+ },
+ {
+ "name": "lunascape-dll-code-execution(65592)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65592"
+ },
+ {
+ "name": "JVNDB-2011-000012",
+ "refsource": "JVNDB",
+ "url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000012.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/0xxx/CVE-2011-0474.json b/2011/0xxx/CVE-2011-0474.json
index 9dfdaae1d19..1a4460d90f8 100644
--- a/2011/0xxx/CVE-2011-0474.json
+++ b/2011/0xxx/CVE-2011-0474.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-0474",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-0474",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://code.google.com/p/chromium/issues/detail?id=66748",
- "refsource" : "CONFIRM",
- "url" : "http://code.google.com/p/chromium/issues/detail?id=66748"
- },
- {
- "name" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html",
- "refsource" : "CONFIRM",
- "url" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
- },
- {
- "name" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054",
- "refsource" : "CONFIRM",
- "url" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054"
- },
- {
- "name" : "DSA-2188",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2011/dsa-2188"
- },
- {
- "name" : "45788",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/45788"
- },
- {
- "name" : "70457",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/70457"
- },
- {
- "name" : "oval:org.mitre.oval:def:14443",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14443"
- },
- {
- "name" : "42951",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/42951"
- },
- {
- "name" : "chrome-css-cursors-unspecified(64665)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64665"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://code.google.com/p/chromium/issues/detail?id=66748",
+ "refsource": "CONFIRM",
+ "url": "http://code.google.com/p/chromium/issues/detail?id=66748"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:14443",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14443"
+ },
+ {
+ "name": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html",
+ "refsource": "CONFIRM",
+ "url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
+ },
+ {
+ "name": "45788",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/45788"
+ },
+ {
+ "name": "70457",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/70457"
+ },
+ {
+ "name": "chrome-css-cursors-unspecified(64665)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64665"
+ },
+ {
+ "name": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054",
+ "refsource": "CONFIRM",
+ "url": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054"
+ },
+ {
+ "name": "DSA-2188",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2011/dsa-2188"
+ },
+ {
+ "name": "42951",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/42951"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/1xxx/CVE-2011-1060.json b/2011/1xxx/CVE-2011-1060.json
index 06236542da7..fff422cb577 100644
--- a/2011/1xxx/CVE-2011-1060.json
+++ b/2011/1xxx/CVE-2011-1060.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-1060",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-1060",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20110218 www.eVuln.com : \"wsnuser\" Cookie SQL Injection vulnerability in WSN Guest",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/516519/100/0/threaded"
- },
- {
- "name" : "http://evuln.com/vulns/174/summary.html",
- "refsource" : "MISC",
- "url" : "http://evuln.com/vulns/174/summary.html"
- },
- {
- "name" : "46444",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/46444"
- },
- {
- "name" : "43374",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/43374"
- },
- {
- "name" : "8101",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/8101"
- },
- {
- "name" : "wsnguest-member-wsnuser-sql-injection(65527)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65527"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "46444",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/46444"
+ },
+ {
+ "name": "wsnguest-member-wsnuser-sql-injection(65527)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65527"
+ },
+ {
+ "name": "20110218 www.eVuln.com : \"wsnuser\" Cookie SQL Injection vulnerability in WSN Guest",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/516519/100/0/threaded"
+ },
+ {
+ "name": "http://evuln.com/vulns/174/summary.html",
+ "refsource": "MISC",
+ "url": "http://evuln.com/vulns/174/summary.html"
+ },
+ {
+ "name": "8101",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/8101"
+ },
+ {
+ "name": "43374",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/43374"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/1xxx/CVE-2011-1472.json b/2011/1xxx/CVE-2011-1472.json
index d8ef243405f..a7d00f6c34d 100644
--- a/2011/1xxx/CVE-2011-1472.json
+++ b/2011/1xxx/CVE-2011-1472.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-1472",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-1472",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.cert.fi/en/reports/2011/vulnerability410355.html",
- "refsource" : "MISC",
- "url" : "http://www.cert.fi/en/reports/2011/vulnerability410355.html"
- },
- {
- "name" : "47022",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/47022"
- },
- {
- "name" : "43827",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/43827"
- },
- {
- "name" : "nokiae75-lockcode-sec-bypass(66322)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66322"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "43827",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/43827"
+ },
+ {
+ "name": "47022",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/47022"
+ },
+ {
+ "name": "http://www.cert.fi/en/reports/2011/vulnerability410355.html",
+ "refsource": "MISC",
+ "url": "http://www.cert.fi/en/reports/2011/vulnerability410355.html"
+ },
+ {
+ "name": "nokiae75-lockcode-sec-bypass(66322)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66322"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/1xxx/CVE-2011-1691.json b/2011/1xxx/CVE-2011-1691.json
index f786a56fc24..adcc25c001a 100644
--- a/2011/1xxx/CVE-2011-1691.json
+++ b/2011/1xxx/CVE-2011-1691.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=77665", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=77665" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/04/beta-channel-update_12.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/04/beta-channel-update_12.html" - }, - { - "name" : "http://trac.webkit.org/changeset/82222", - "refsource" : "CONFIRM", - "url" : "http://trac.webkit.org/changeset/82222" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=57266", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=57266" - }, - { - "name" : "oval:org.mitre.oval:def:14365", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14365" - }, - { - "name" : "google-countertocssvalue-dos(66818)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) 
counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=57266", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=57266" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=77665", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=77665" + }, + { + "name": "http://trac.webkit.org/changeset/82222", + "refsource": "CONFIRM", + "url": "http://trac.webkit.org/changeset/82222" + }, + { + "name": "oval:org.mitre.oval:def:14365", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14365" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/04/beta-channel-update_12.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/04/beta-channel-update_12.html" + }, + { + "name": "google-countertocssvalue-dos(66818)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66818" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1933.json b/2011/1xxx/CVE-2011-1933.json index 25896d6aaf2..ce01637b5b4 100644 --- a/2011/1xxx/CVE-2011-1933.json +++ b/2011/1xxx/CVE-2011-1933.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1933", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1933", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4000.json b/2011/4xxx/CVE-2011-4000.json index 390d87205f5..b498ddf9836 100644 --- a/2011/4xxx/CVE-2011-4000.json +++ b/2011/4xxx/CVE-2011-4000.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ChaSen 2.4.x allows remote attackers to execute arbitrary code via a crafted string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-4000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "openSUSE-SU-2012:0026", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/13154862" - }, - { - "name" : "openSUSE-SU-2012:0058", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/13155433" - }, - { - "name" : "JVN#16901583", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN16901583/index.html" - }, - { - "name" : "JVNDB-2011-000099", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000099" - }, - { - "name" : "47458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ChaSen 2.4.x allows remote attackers to execute 
arbitrary code via a crafted string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#16901583", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN16901583/index.html" + }, + { + "name": "openSUSE-SU-2012:0026", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/13154862" + }, + { + "name": "JVNDB-2011-000099", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000099" + }, + { + "name": "47458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47458" + }, + { + "name": "openSUSE-SU-2012:0058", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/13155433" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4914.json b/2011/4xxx/CVE-2011-4914.json index bedfed3f61a..85907690a87 100644 --- a/2011/4xxx/CVE-2011-4914.json +++ b/2011/4xxx/CVE-2011-4914.json 
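Review bot: The `"ASSIGNER"` value in `CVE_data_meta` for CVE-2011-4000 changes from `cve@mitre.org` to `vultures@jpcert.or.jp` in a hunk that otherwise only rewrites `" : "` as `": "` and reorders `reference_data`, so the one semantic edit to the record's provenance is easy to miss. The same pattern appears in the later hunks for CVE-2011-4914 (`secalert@redhat.com`), CVE-2014-3165 (`security@google.com`), and CVE-2014-6475 and CVE-2014-6556 (`secalert_us@oracle.com`). Consumers that attribute or route records by assigner will see these entries change owner, so the assigner updates should be split from the formatting pass, or the affected IDs listed in the commit message if it does not already do so. The new side also ends with `\ No newline at end of file`, and the reordered `reference_data` entries do not appear sorted by any visible key, which will keep later diffs noisy unless the serializer's order is stable.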
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111227 Re: CVE request: kernel: multiple issues in ROSE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/12/28/2" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0bccd315db0c2f919e7fcf9cb60db21d9986f52", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0bccd315db0c2f919e7fcf9cb60db21d9986f52" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=770777", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=770777" - }, - { - "name" : "https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52" - }, - { - "name" : "SUSE-SU-2015:0812", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0bccd315db0c2f919e7fcf9cb60db21d9986f52", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0bccd315db0c2f919e7fcf9cb60db21d9986f52" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=770777", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770777" + }, + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" + }, + { + "name": "https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52" + }, + { + "name": "[oss-security] 20111227 Re: CVE request: kernel: multiple issues in ROSE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/12/28/2" + }, + { + "name": "SUSE-SU-2015:0812", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5131.json b/2011/5xxx/CVE-2011-5131.json index 903e12ed7bd..71eae458b58 100644 --- a/2011/5xxx/CVE-2011-5131.json +++ b/2011/5xxx/CVE-2011-5131.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", - "refsource" : "CONFIRM", - "url" : "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/" - }, - { - "name" : "http://dev.mybb.com/issues/1729", - "refsource" : "CONFIRM", - "url" : "http://dev.mybb.com/issues/1729" - }, - { - "name" : "50816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50816" - }, - { - "name" : "77327", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77327" - }, - { - "name" : "46951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46951" - }, - { - "name" : 
"mybb-language-setting-csrf(71462)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the language parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dev.mybb.com/issues/1729", + "refsource": "CONFIRM", + "url": "http://dev.mybb.com/issues/1729" + }, + { + "name": "77327", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77327" + }, + { + "name": "46951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46951" + }, + { + "name": "mybb-language-setting-csrf(71462)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71462" + }, + { + "name": "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/", + "refsource": "CONFIRM", + "url": "http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/" + }, + { + "name": "50816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50816" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2568.json b/2014/2xxx/CVE-2014-2568.json index 96a2acb1aac..340a8c5c6a0 100644 --- a/2014/2xxx/CVE-2014-2568.json +++ b/2014/2xxx/CVE-2014-2568.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20140320 [PATCH v3] core, nfqueue, openvswitch: Orphan frags in skb_zerocopy and handle errors", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2014/3/20/421" - }, - { - "name" : "[oss-security] 20140320 Re: CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/20/16" - }, - { - "name" : "[oss-sec] 20140320 CVE request -- kernel: net: potential information leak when ubuf backed 
skbs are skb_zerocopy()ied", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q1/627" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1079012", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1079012" - }, - { - "name" : "USN-2240-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2240-1" - }, - { - "name" : "66348", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66348" - }, - { - "name" : "59599", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59599" - }, - { - "name" : "linux-kernel-cve20142568-info-disclosure(91922)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91922" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[linux-kernel] 20140320 [PATCH v3] core, nfqueue, openvswitch: Orphan frags in skb_zerocopy and handle errors", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2014/3/20/421" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1079012", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079012" + }, + { + "name": "USN-2240-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2240-1" + }, + { + "name": "66348", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66348" + }, + { + "name": "59599", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59599" + }, + { + "name": "linux-kernel-cve20142568-info-disclosure(91922)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91922" + }, + { + "name": "[oss-sec] 20140320 CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q1/627" + }, + { + "name": "[oss-security] 20140320 Re: CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/20/16" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3165.json b/2014/3xxx/CVE-2014-3165.json index 4c255e10800..9c3d1245506 100644 --- a/2014/3xxx/CVE-2014-3165.json +++ b/2014/3xxx/CVE-2014-3165.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=390174", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=390174" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=177359&view=revision", - "refsource" : "CONFIRM", - "url" : 
"https://src.chromium.org/viewvc/blink?revision=177359&view=revision" - }, - { - "name" : "DSA-3039", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3039" - }, - { - "name" : "GLSA-201408-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml" - }, - { - "name" : "69201", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69201" - }, - { - "name" : "1030732", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030732" - }, - { - "name" : "60798", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60798" - }, - { - "name" : "59904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59904" - }, - { - "name" : "google-chrome-cve20143165-code-exec(95247)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59904" + }, + { + "name": "google-chrome-cve20143165-code-exec(95247)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95247" + }, + { + "name": "GLSA-201408-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201408-16.xml" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=390174", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=390174" + }, + { + "name": "60798", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60798" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html" + }, + { + "name": "DSA-3039", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3039" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=177359&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=177359&view=revision" + }, + { + "name": "69201", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69201" + }, + { + "name": "1030732", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030732" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6475.json b/2014/6xxx/CVE-2014-6475.json index 94b1b9d23bd..4489a0bbe2a 100644 --- a/2014/6xxx/CVE-2014-6475.json +++ b/2014/6xxx/CVE-2014-6475.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70566" - }, - { - "name" : "1031044", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031044" - }, - { - "name" : "61701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70566" + }, + { + "name": "1031044", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031044" + }, + { + "name": "61701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61701" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6556.json b/2014/6xxx/CVE-2014-6556.json index 5e7dca40f49..8972b55fd4e 100644 --- a/2014/6xxx/CVE-2014-6556.json +++ b/2014/6xxx/CVE-2014-6556.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AD_DDL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "1031579", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated 
users to affect confidentiality, integrity, and availability via vectors related to AD_DDL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "1031579", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031579" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6683.json b/2014/6xxx/CVE-2014-6683.json index 7eedc43da07..e7407ea7206 100644 --- a/2014/6xxx/CVE-2014-6683.json +++ b/2014/6xxx/CVE-2014-6683.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Open Electrical Webser (aka com.wOpenElectricalWeb) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#945057", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/945057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Open Electrical Webser (aka 
com.wOpenElectricalWeb) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#945057", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/945057" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7132.json b/2014/7xxx/CVE-2014-7132.json index c300f008c42..a0d78da497a 100644 --- a/2014/7xxx/CVE-2014-7132.json +++ b/2014/7xxx/CVE-2014-7132.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Jambatan PBB Semporna (aka com.wJAMBATANPBBSEMPORNA) application 13523.82613 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#151825", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/151825" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Jambatan PBB Semporna (aka 
com.wJAMBATANPBBSEMPORNA) application 13523.82613 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#151825", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/151825" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7459.json b/2014/7xxx/CVE-2014-7459.json index 4b5bf37a304..11cd9355b76 100644 --- a/2014/7xxx/CVE-2014-7459.json +++ b/2014/7xxx/CVE-2014-7459.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Press-Leader (aka com.soln.S95309F65AD59F99CFC2C710A517B0B7E) application 1.0011.b0011 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#841745", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/841745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Press-Leader (aka 
com.soln.S95309F65AD59F99CFC2C710A517B0B7E) application 1.0011.b0011 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#841745", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/841745" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7698.json b/2014/7xxx/CVE-2014-7698.json index fd4ecd7d46b..60cc7ac60aa 100644 --- a/2014/7xxx/CVE-2014-7698.json +++ b/2014/7xxx/CVE-2014-7698.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Xinhua International (aka org.xinhua.xnews_international) application 5.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#657297", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/657297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Xinhua International (aka 
org.xinhua.xnews_international) application 5.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#657297", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/657297" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8126.json b/2014/8xxx/CVE-2014-8126.json index 6665ee4047c..6672bdb590c 100644 --- a/2014/8xxx/CVE-2014-8126.json +++ b/2014/8xxx/CVE-2014-8126.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8126", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8126", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8486.json b/2014/8xxx/CVE-2014-8486.json index 056e59c3dab..19542aa6679 100644 --- a/2014/8xxx/CVE-2014-8486.json +++ b/2014/8xxx/CVE-2014-8486.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8486", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8496. Reason: This candidate is a duplicate of CVE-2014-8496. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-8496 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8486", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8496. Reason: This candidate is a duplicate of CVE-2014-8496. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-8496 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2221.json b/2016/2xxx/CVE-2016-2221.json index 9431ac83a4d..f92d479c844 100644 --- a/2016/2xxx/CVE-2016-2221.json +++ b/2016/2xxx/CVE-2016-2221.json 
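Review bot: The rewritten CVE-2014-8486 record places `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta` and lists `ID` before `ASSIGNER`, while the other records rewritten in this diff keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but two serializations in one repository make every later rewrite of a record show up as a full-file change; presumably this file went through a different tool. Emit all records with one canonical key order, for example the `CVE_data_meta`, `data_format`, `data_type`, `data_version`, `description` order used by the neighbouring files.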
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2016-2221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wpvulndb.com/vulnerabilities/8377", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8377" - }, - { - "name" : "https://codex.wordpress.org/Version_4.4.2", - "refsource" : "CONFIRM", - "url" : "https://codex.wordpress.org/Version_4.4.2" - }, - { - "name" : "https://core.trac.wordpress.org/changeset/36444", - "refsource" : "CONFIRM", - "url" : "https://core.trac.wordpress.org/changeset/36444" - }, - { - "name" : "https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/", - "refsource" : "CONFIRM", - "url" : 
"https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/" - }, - { - "name" : "DSA-3472", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3472" - }, - { - "name" : "82463", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/82463" - }, - { - "name" : "1034933", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codex.wordpress.org/Version_4.4.2", + "refsource": "CONFIRM", + "url": "https://codex.wordpress.org/Version_4.4.2" + }, + { + "name": "1034933", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034933" + }, + { + "name": "82463", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/82463" + }, + { + "name": "https://core.trac.wordpress.org/changeset/36444", + "refsource": "CONFIRM", + "url": "https://core.trac.wordpress.org/changeset/36444" + }, + { + "name": "https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/" + }, + { + "name": "DSA-3472", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3472" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8377", 
+ "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8377" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2434.json b/2016/2xxx/CVE-2016-2434.json index 7280c42a604..b91aa06d27a 100644 --- a/2016/2xxx/CVE-2016-2434.json +++ b/2016/2xxx/CVE-2016-2434.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-05-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-05-01.html" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-05-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-05-01.html" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2533.json b/2016/2xxx/CVE-2016-2533.json index 7d6496f93f1..1e0e580fe56 100644 --- a/2016/2xxx/CVE-2016-2533.json +++ b/2016/2xxx/CVE-2016-2533.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160202 CVE Request -- Buffer overflow in Python-Pillow and PIL", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/02/5" - }, - { - "name" : "[oss-security] 20160222 Re: CVE Request -- Buffer overflow in Python-Pillow and PIL", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/22/2" - }, - { - "name" : "https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst", - "refsource" : "CONFIRM", - "url" : "https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst" - }, - { - "name" : 
"https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b", - "refsource" : "CONFIRM", - "url" : "https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b" - }, - { - "name" : "https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b", - "refsource" : "CONFIRM", - "url" : "https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b" - }, - { - "name" : "https://github.com/python-pillow/Pillow/pull/1706", - "refsource" : "CONFIRM", - "url" : "https://github.com/python-pillow/Pillow/pull/1706" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" - }, - { - "name" : "DSA-3499", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3499" - }, - { - "name" : "GLSA-201612-52", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-52" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201612-52", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-52" + }, + { + "name": "[oss-security] 20160222 Re: CVE Request -- Buffer overflow in Python-Pillow and PIL", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/22/2" + }, + { + "name": "https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b", + "refsource": "CONFIRM", + "url": "https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b" + }, + { + "name": "DSA-3499", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3499" + }, + { + "name": "[oss-security] 20160202 CVE Request -- Buffer overflow in Python-Pillow and PIL", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/02/5" + }, + { + "name": "https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b", + "refsource": "CONFIRM", + "url": "https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b" + }, + { + "name": "https://github.com/python-pillow/Pillow/pull/1706", + "refsource": "CONFIRM", + "url": "https://github.com/python-pillow/Pillow/pull/1706" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" + }, + { + "name": "https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst", + "refsource": "CONFIRM", + "url": 
"https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18009.json b/2017/18xxx/CVE-2017-18009.json index a7547c68d34..4d3c7e24698 100644 --- a/2017/18xxx/CVE-2017-18009.json +++ b/2017/18xxx/CVE-2017-18009.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/opencv/opencv/issues/10479", - "refsource" : "MISC", - "url" : "https://github.com/opencv/opencv/issues/10479" - }, - { - "name" : "106945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106945" + }, + { + "name": "https://github.com/opencv/opencv/issues/10479", + "refsource": "MISC", + "url": "https://github.com/opencv/opencv/issues/10479" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18154.json b/2017/18xxx/CVE-2017-18154.json index 9157b398ad3..8305d88067b 100644 --- a/2017/18xxx/CVE-2017-18154.json +++ b/2017/18xxx/CVE-2017-18154.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-05-11T00:00:00", - "ID" : "CVE-2017-18154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use of Out-of-range Pointer Offset in Display" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-05-11T00:00:00", + "ID": "CVE-2017-18154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", - "refsource" : "MISC", - "url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of Out-of-range Pointer Offset in Display" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", + "refsource": "MISC", + "url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18171.json b/2017/18xxx/CVE-2017-18171.json index 841eff6e179..c2c648322a2 100644 --- a/2017/18xxx/CVE-2017-18171.json +++ b/2017/18xxx/CVE-2017-18171.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in Bluetooth Controller" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components" - }, - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Bluetooth Controller" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1384.json b/2017/1xxx/CVE-2017-1384.json index d79426d36b3..50f13d6e70a 100644 --- a/2017/1xxx/CVE-2017-1384.json +++ b/2017/1xxx/CVE-2017-1384.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1384",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1384",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1681.json b/2017/1xxx/CVE-2017-1681.json
index 8a2fac877dd..0df9503a9f6 100644
--- a/2017/1xxx/CVE-2017-1681.json
+++ b/2017/1xxx/CVE-2017-1681.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-08T00:00:00", - "ID" : "CVE-2017-1681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Liberty for Java for Bluemix", - "version" : { - "version_data" : [ - { - "version_value" : "3.15" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-08T00:00:00", + "ID": "CVE-2017-1681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Liberty for Java for Bluemix", + "version": { + "version_data": [ + { + "version_value": "3.15" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134003", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134003" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22011863", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22011863" - }, - { - "name" : "1040357", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22011863", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22011863" + }, + { + "name": "1040357", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040357" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134003", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134003" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1949.json b/2017/1xxx/CVE-2017-1949.json index 03d937e1e3b..9bf3ce314b3 100644 --- a/2017/1xxx/CVE-2017-1949.json +++ b/2017/1xxx/CVE-2017-1949.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1949",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-1949",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1963.json b/2017/1xxx/CVE-2017-1963.json
index 96091fe1a12..1fd29015dc8 100644
--- a/2017/1xxx/CVE-2017-1963.json
+++ b/2017/1xxx/CVE-2017-1963.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1963",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-1963",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5303.json b/2017/5xxx/CVE-2017-5303.json
index 050d8c6d1a0..a72a16786be 100644
--- a/2017/5xxx/CVE-2017-5303.json
+++ b/2017/5xxx/CVE-2017-5303.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5303",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5303",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5647.json b/2017/5xxx/CVE-2017-5647.json
index 8618a3b293d..a55891a6eab 100644
--- a/2017/5xxx/CVE-2017-5647.json
+++ b/2017/5xxx/CVE-2017-5647.json
@@ -1,144 +1,144 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-5647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Tomcat", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.M1 to 9.0.0.M18" - }, - { - "version_value" : "8.5.0 to 8.5.12" - }, - { - "version_value" : "8.0.0.RC1 to 8.0.42" - }, - { - "version_value" : "7.0.0 to 7.0.76" - }, - { - "version_value" : "6.0.0 to 6.0.52" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-5647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Tomcat", + "version": { + "version_data": [ + { + "version_value": "9.0.0.M1 to 9.0.0.M18" + }, + { + "version_value": "8.5.0 to 8.5.12" + }, + { + "version_value": "8.0.0.RC1 to 8.0.42" + }, + { + "version_value": "7.0.0 to 7.0.76" + }, + { + "version_value": "6.0.0 to 6.0.52" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[users] 20170410 [SECURITY] CVE-2017-5647 Apache Tomcat Information Disclosure", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a@%3Cusers.tomcat.apache.org%3E" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03730en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03730en_us" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180614-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180614-0001/" - }, - { - "name" : "DSA-3842", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3842" - }, - { - "name" : 
"DSA-3843", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3843" - }, - { - "name" : "GLSA-201705-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-09" - }, - { - "name" : "RHSA-2017:3080", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3080" - }, - { - "name" : "RHSA-2017:3081", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3081" - }, - { - "name" : "RHSA-2017:1801", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1801" - }, - { - "name" : "RHSA-2017:1802", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1802" - }, - { - "name" : "RHSA-2017:2493", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2493" - }, - { - "name" : "RHSA-2017:2494", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2494" - }, - { - "name" : "1038218", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201705-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-09" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180614-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180614-0001/" + }, + { + "name": "RHSA-2017:3080", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3080" + }, + { + "name": "RHSA-2017:1801", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1801" + }, + { + "name": "DSA-3843", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3843" + }, + { + "name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt" + }, + { + "name": "RHSA-2017:2494", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2494" + }, + { + "name": "[users] 20170410 [SECURITY] CVE-2017-5647 Apache Tomcat Information Disclosure", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a@%3Cusers.tomcat.apache.org%3E" + }, + { + "name": "1038218", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038218" + }, + { + "name": "DSA-3842", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3842" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03730en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03730en_us" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "RHSA-2017:1802", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1802" + }, + { + "name": "RHSA-2017:2493", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2493" + }, + { + "name": "RHSA-2017:3081", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3081" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5752.json b/2017/5xxx/CVE-2017-5752.json index cbca3a584fe..6ae85955889 100644 --- a/2017/5xxx/CVE-2017-5752.json +++ b/2017/5xxx/CVE-2017-5752.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5752", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5752", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5916.json b/2017/5xxx/CVE-2017-5916.json index 7487f9e1082..71c12b51263 100644 --- a/2017/5xxx/CVE-2017-5916.json +++ b/2017/5xxx/CVE-2017-5916.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers 
and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" + } + ] + } +} \ No newline at end of file