diff --git a/2006/2xxx/CVE-2006-2913.json b/2006/2xxx/CVE-2006-2913.json
index e49d97131ee..955103064e1 100644
--- a/2006/2xxx/CVE-2006-2913.json
+++ b/2006/2xxx/CVE-2006-2913.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-2913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2006-39/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-39/advisory/" - }, - { - "name" : "18349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18349" - }, - { - "name" : "ADV-2006-2232", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2232" - }, - { - "name" : "26248", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26248" - }, - { - "name" : "26247", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26247" - }, - { - "name" : "20134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20134" - }, - { - "name" : 
"selectapix-popup-viewalbum-xss(27012)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2232", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2232" + }, + { + "name": "20134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20134" + }, + { + "name": "18349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18349" + }, + { + "name": "26248", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26248" + }, + { + "name": "26247", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26247" + }, + { + "name": "http://secunia.com/secunia_research/2006-39/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-39/advisory/" + }, + { + "name": "selectapix-popup-viewalbum-xss(27012)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27012" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3191.json b/2006/3xxx/CVE-2006-3191.json index 94f76ade749..e894d0b27bb 100644 --- a/2006/3xxx/CVE-2006-3191.json +++ b/2006/3xxx/CVE-2006-3191.json 
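Review bot: The new `"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",` line in the CVE-2006-2913 hunk is a provenance change buried in what is otherwise a whitespace normalisation (`"key" : ` to `"key": `) plus a reordering of `reference_data`, so it is easy to miss in review. The other records visible in this diff keep `cve@mitre.org`. The record does cite a secunia.com research advisory, which may explain the reassignment, but nothing on the page states the reason. I would put the assigner change in its own commit, or name it in the commit message, so the record's provenance can be audited separately from the reformat. Anyone checking these records against an earlier copy should compare parsed JSON rather than text, because the reference order differs on every file.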
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 allows remote attackers to inject arbitrary web script or HTML via the pageid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060617 MPCS v0.2 - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437631/100/0/threaded" - }, - { - "name" : "http://tpvgames.co.uk/mpcs/", - "refsource" : "CONFIRM", - "url" : "http://tpvgames.co.uk/mpcs/" - }, - { - "name" : "18470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18470" - }, - { - "name" : "1130", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1130" - }, - { - "name" : "mpcs-comment-xss(27286)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 allows remote attackers to inject arbitrary web script or HTML via the pageid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mpcs-comment-xss(27286)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27286" + }, + { + "name": "20060617 MPCS v0.2 - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437631/100/0/threaded" + }, + { + "name": "18470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18470" + }, + { + "name": "1130", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1130" + }, + { + "name": "http://tpvgames.co.uk/mpcs/", + "refsource": "CONFIRM", + "url": "http://tpvgames.co.uk/mpcs/" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3662.json b/2006/3xxx/CVE-2006-3662.json index db11828cd47..bdbb11163d1 100644 --- a/2006/3xxx/CVE-2006-3662.json +++ b/2006/3xxx/CVE-2006-3662.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states \"The mentioned SQL injection vulnerability is not possible.\" However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060708 ATutor 1.5.3 Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0096.html" - }, - { - "name" : "20060711 Re: ATutor 1.5.3 Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439873/100/100/threaded" - }, - { - "name" : "20060721 Re: ATutor 1.5.3 Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440837/100/100/threaded" - }, - { - "name" : "18898", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18898" - }, - { - "name" : "28188", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28188" - }, - { - "name" : "atutor-index-sql-injection(27620)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states \"The mentioned SQL injection vulnerability is not possible.\" However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "atutor-index-sql-injection(27620)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27620" + }, + { + "name": "20060708 ATutor 1.5.3 Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0096.html" + }, + { + "name": "28188", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28188" + }, + { + "name": "18898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18898" + }, + { + "name": "20060721 Re: ATutor 1.5.3 Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440837/100/100/threaded" + }, + { + "name": "20060711 Re: ATutor 1.5.3 Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439873/100/100/threaded" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/3xxx/CVE-2006-3945.json b/2006/3xxx/CVE-2006-3945.json
index 89dd383a871..b4dbc59fe59 100644
--- a/2006/3xxx/CVE-2006-3945.json
+++ b/2006/3xxx/CVE-2006-3945.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://browserfun.blogspot.com/2006/07/mobb-26-opera-css-background.html", - "refsource" : "MISC", - "url" : "http://browserfun.blogspot.com/2006/07/mobb-26-opera-css-background.html" - }, - { - "name" : "ADV-2006-2987", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2987" - }, - { - "name" : "27374", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27374" - }, - { - "name" : "opera-dhtml-background-dos(27977)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "opera-dhtml-background-dos(27977)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27977" + }, + { + "name": "http://browserfun.blogspot.com/2006/07/mobb-26-opera-css-background.html", + "refsource": "MISC", + "url": "http://browserfun.blogspot.com/2006/07/mobb-26-opera-css-background.html" + }, + { + "name": "27374", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27374" + }, + { + "name": "ADV-2006-2987", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2987" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4051.json b/2006/4xxx/CVE-2006-4051.json index 381847656a9..a8c5eb4d354 100644 --- a/2006/4xxx/CVE-2006-4051.json +++ b/2006/4xxx/CVE-2006-4051.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060804 [ECHO_ADV_42$2006] PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442219/100/0/threaded" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv43-matdhule-2006.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv43-matdhule-2006.txt" - }, - { - "name" : "2120", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2120" - }, - { - "name" : "19349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19349" - }, - { - "name" : "ADV-2006-3194", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3194" - }, - { - "name" : "1016639", - 
"refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016639" - }, - { - "name" : "1369", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3194", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3194" + }, + { + "name": "1369", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1369" + }, + { + "name": "2120", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2120" + }, + { + "name": "http://advisories.echo.or.id/adv/adv43-matdhule-2006.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv43-matdhule-2006.txt" + }, + { + "name": "20060804 [ECHO_ADV_42$2006] PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442219/100/0/threaded" + }, + { + "name": "1016639", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016639" + }, + { + "name": "19349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19349" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4558.json b/2006/4xxx/CVE-2006-4558.json index b87655f6ab8..a53bb2bac0e 100644 --- a/2006/4xxx/CVE-2006-4558.json +++ b/2006/4xxx/CVE-2006-4558.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060516 DeluxeBB <= v1.06 attachment mod_mime exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0318.html" - }, - { - "name" : "http://retrogod.altervista.org/deluxebb_106_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/deluxebb_106_xpl.html" - }, - { - "name" : "ADV-2006-1843", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1843" - }, - { - "name" : "20135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20135" - }, - { - "name" : "1492", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1492" - }, - { - 
"name" : "deluxebb-modmime-file-upload(26485)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1492", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1492" + }, + { + "name": "http://retrogod.altervista.org/deluxebb_106_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/deluxebb_106_xpl.html" + }, + { + "name": "ADV-2006-1843", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1843" + }, + { + "name": "deluxebb-modmime-file-upload(26485)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26485" + }, + { + "name": "20135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20135" + }, + { + "name": "20060516 DeluxeBB <= v1.06 attachment mod_mime exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0318.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6209.json b/2006/6xxx/CVE-2006-6209.json index cbf71caef20..f5512a528fd 100644 --- a/2006/6xxx/CVE-2006-6209.json +++ b/2006/6xxx/CVE-2006-6209.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061124 [Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452557/100/0/threaded" - }, - { - "name" : "20061124 [Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452573/100/0/threaded" - }, - { - "name" : "http://www.aria-security.com/forum/showthread.php?t=42", - "refsource" : "MISC", - "url" : "http://www.aria-security.com/forum/showthread.php?t=42" - }, - { - "name" : "21273", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21273" - }, - { - "name" : "1947", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1947" - }, - { - "name" : "midicart-itemshow-sql-injection(30506)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.aria-security.com/forum/showthread.php?t=42", + "refsource": "MISC", + "url": "http://www.aria-security.com/forum/showthread.php?t=42" + }, + { + "name": "1947", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1947" + }, + { + "name": "20061124 [Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452557/100/0/threaded" + }, + { + "name": "20061124 [Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452573/100/0/threaded" + }, + { + "name": "midicart-itemshow-sql-injection(30506)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30506" + }, + { + "name": "21273", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21273" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/6xxx/CVE-2006-6329.json b/2006/6xxx/CVE-2006-6329.json
index 58189b37900..6adcf296373 100644
--- a/2006/6xxx/CVE-2006-6329.json
+++ b/2006/6xxx/CVE-2006-6329.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2786", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2786" - }, - { - "name" : "22880", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22880" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582" + }, + { + "name": "2786", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2786" + }, + { + "name": "22880", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22880" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6371.json b/2006/6xxx/CVE-2006-6371.json index 7103354df9b..4b1c42e7b96 100644 --- a/2006/6xxx/CVE-2006-6371.json +++ b/2006/6xxx/CVE-2006-6371.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061204 XSS in JAB Guest Book", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453482/100/0/threaded" - }, - { - "name" : "21429", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21429" - }, - { - "name" : "23216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23216" - }, - { - "name" : "1992", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1992" - }, - { - "name" : "jabguestbook-pbguestbook-xss(30718)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061204 XSS in JAB Guest Book", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453482/100/0/threaded" + }, + { + "name": "21429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21429" + }, + { + "name": "jabguestbook-pbguestbook-xss(30718)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30718" + }, + { + "name": "23216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23216" + }, + { + "name": "1992", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1992" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6375.json b/2006/6xxx/CVE-2006-6375.json index 2a0601a82fb..8c2fa8869c5 100644 --- a/2006/6xxx/CVE-2006-6375.json +++ b/2006/6xxx/CVE-2006-6375.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061203 SMF upload XSS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453426/100/0/threaded" - }, - { - "name" : "21431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21431" - }, - { - "name" : "ADV-2006-4843", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4843" - }, - { - "name" : "23175", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23175" - }, - { - "name" : "2001", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2001" - }, - { - 
"name" : "smf-display-xss(30659)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23175", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23175" + }, + { + "name": "ADV-2006-4843", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4843" + }, + { + "name": "smf-display-xss(30659)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30659" + }, + { + "name": "20061203 SMF upload XSS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453426/100/0/threaded" + }, + { + "name": "21431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21431" + }, + { + "name": "2001", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2001" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7026.json b/2006/7xxx/CVE-2006-7026.json index ea9235f01ad..ac5cc28972c 100644 --- a/2006/7xxx/CVE-2006-7026.json +++ b/2006/7xxx/CVE-2006-7026.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a different vector than CVE-2006-2149." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1730", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1730" - }, - { - "name" : "aardvark-lostpw-join-file-include(26189)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a 
different vector than CVE-2006-2149." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1730", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1730" + }, + { + "name": "aardvark-lostpw-join-file-include(26189)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26189" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2480.json b/2010/2xxx/CVE-2010-2480.json index e9523658925..7499b2f1d8d 100644 --- a/2010/2xxx/CVE-2010-2480.json +++ b/2010/2xxx/CVE-2010-2480.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.python.org/issue9061", - "refsource" : "MISC", - "url" : "http://bugs.python.org/issue9061" - }, - { - "name" : "http://www.makotemplates.org/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://www.makotemplates.org/CHANGES" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "39935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.makotemplates.org/CHANGES", + "refsource": "CONFIRM", + "url": "http://www.makotemplates.org/CHANGES" + }, + { + "name": "http://bugs.python.org/issue9061", + "refsource": "MISC", + "url": "http://bugs.python.org/issue9061" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "39935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39935" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2944.json b/2010/2xxx/CVE-2010-2944.json index c6ef1fea306..3a2fc885be4 100644 --- a/2010/2xxx/CVE-2010-2944.json +++ b/2010/2xxx/CVE-2010-2944.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100818 CVE request: zope-ldapuser", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/08/18/3" - }, - { - "name" : "[oss-security] 20100819 Re: CVE request: zope-ldapuser", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/08/19/7" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593466", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593466" - }, - { - "name" : "41022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41022" + }, + { + "name": "[oss-security] 20100819 Re: CVE request: zope-ldapuser", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/19/7" + }, + { + "name": "[oss-security] 20100818 CVE request: zope-ldapuser", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/18/3" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593466", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593466" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0022.json b/2011/0xxx/CVE-2011-0022.json index 4d3e86c4b66..db3e7c099fb 100644 --- a/2011/0xxx/CVE-2011-0022.json +++ b/2011/0xxx/CVE-2011-0022.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=671199", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=671199" - }, - { - "name" : "RHSA-2011:0293", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0293.html" - }, - { - "name" : "46489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46489" - }, - { - "name" : "1025102", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025102", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025102" + }, + { + "name": "RHSA-2011:0293", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0293.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=671199", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=671199" + }, + { + "name": "46489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46489" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0292.json b/2011/0xxx/CVE-2011-0292.json index d85797c0141..4f84d1ce0f8 100644 --- a/2011/0xxx/CVE-2011-0292.json +++ b/2011/0xxx/CVE-2011-0292.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0292", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0292", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0717.json b/2011/0xxx/CVE-2011-0717.json index fe04922c6d0..168994e0c22 100644 --- a/2011/0xxx/CVE-2011-0717.json +++ b/2011/0xxx/CVE-2011-0717.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=672159", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=672159" - }, - { - "name" : "RHSA-2011:0300", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0300.html" - }, - { - "name" : "46528", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46528" - }, - { - "name" : "1025116", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025116" - }, - { - "name" : "43487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43487" - }, - { - "name" : "ADV-2011-0491", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0491" - }, - { - "name" : 
"rhnss-session-hijacking(65658)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46528", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46528" + }, + { + "name": "ADV-2011-0491", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0491" + }, + { + "name": "RHSA-2011:0300", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0300.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=672159", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=672159" + }, + { + "name": "1025116", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025116" + }, + { + "name": "rhnss-session-hijacking(65658)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65658" + }, + { + "name": "43487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43487" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0888.json b/2011/0xxx/CVE-2011-0888.json index 311fa3c4cb0..035fd52cac4 100644 --- a/2011/0xxx/CVE-2011-0888.json +++ b/2011/0xxx/CVE-2011-0888.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0888", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0888", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0993.json b/2011/0xxx/CVE-2011-0993.json index 97962620c51..affc49aa76b 100644 --- a/2011/0xxx/CVE-2011-0993.json +++ b/2011/0xxx/CVE-2011-0993.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SR:2011:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html" - }, - { - "name" : "slms-cve20110993-info-disc(95697)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "slms-cve20110993-info-disc(95697)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95697" + }, + { + "name": "SUSE-SR:2011:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1039.json b/2011/1xxx/CVE-2011-1039.json index 35af4314d17..cb68fc68f98 100644 --- a/2011/1xxx/CVE-2011-1039.json +++ b/2011/1xxx/CVE-2011-1039.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1039", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1039", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1277.json b/2011/1xxx/CVE-2011-1277.json index 370edf5723a..f96206f79aa 100644 --- a/2011/1xxx/CVE-2011-1277.json +++ b/2011/1xxx/CVE-2011-1277.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka \"Excel Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045" - }, - { - "name" : "48162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48162" - }, - { - "name" : "oval:org.mitre.oval:def:12291", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka \"Excel Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48162" + }, + { + "name": "oval:org.mitre.oval:def:12291", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12291" + }, + { + "name": "MS11-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-045" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1728.json b/2011/1xxx/CVE-2011-1728.json index 906317ca3bf..39f75b27cec 100644 --- a/2011/1xxx/CVE-2011-1728.json +++ b/2011/1xxx/CVE-2011-1728.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_BAR message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110429 ZDI-11-144: HP Data Protector Backup Client Service EXEC_BAR Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517764/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-144/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-144/" - }, - { - "name" : "HPSBMA02668", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" - }, - { - "name" : "SSRT100474", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" - }, - { - "name" : "47638", 
- "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47638" - }, - { - "name" : "72187", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72187" - }, - { - "name" : "1025454", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025454" - }, - { - "name" : "44402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44402" - }, - { - "name" : "hp-openview-data-code-exec(67201)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_BAR message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110429 ZDI-11-144: HP Data Protector Backup Client Service EXEC_BAR Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517764/100/0/threaded" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-144/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-144/" + }, + { + "name": "47638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47638" + }, + { + "name": "hp-openview-data-code-exec(67201)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67201" + }, + { + "name": "HPSBMA02668", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" + }, + { + "name": "SSRT100474", + "refsource": "HP", + "url": 
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240" + }, + { + "name": "44402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44402" + }, + { + "name": "72187", + "refsource": "OSVDB", + "url": "http://osvdb.org/72187" + }, + { + "name": "1025454", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025454" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1748.json b/2011/1xxx/CVE-2011-1748.json index 1bf37e17523..819fb58d963 100644 --- a/2011/1xxx/CVE-2011-1748.json +++ b/2011/1xxx/CVE-2011-1748.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[netdev] 20110420 [PATCH v2] can: add missing socket check in can/raw release", - "refsource" : "MLIST", - "url" : "http://permalink.gmane.org/gmane.linux.network/192974" - }, - { - "name" : "[oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/20/7" - }, - { - "name" : "[oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/21/1" - }, - { - "name" : "[oss-security] 20110421 Re: CVE 
request: kernel: missing socket check in can/bcm release", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/21/2" - }, - { - "name" : "[oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/21/7" - }, - { - "name" : "[oss-security] 20110422 Re: CVE request: kernel: missing socket check in can/bcm release", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/22/2" - }, - { - "name" : "[oss-security] 20110425 Re: CVE request: kernel: missing socket check in can/bcm release", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/25/4" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=10022a6c66e199d8f61d9044543f38785713cbbd", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=10022a6c66e199d8f61d9044543f38785713cbbd" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=698057", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=698057" - }, - { - "name" : "47835", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/21/1" + }, + { + "name": "[oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/20/7" + }, + { + "name": "47835", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47835" + }, + { + "name": "[oss-security] 20110425 Re: CVE request: kernel: missing socket check in can/bcm release", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/25/4" + }, + { + "name": "[oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/21/7" + }, + { + "name": "[netdev] 20110420 [PATCH v2] can: add missing socket check in can/raw release", + "refsource": "MLIST", + "url": "http://permalink.gmane.org/gmane.linux.network/192974" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc6" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=10022a6c66e199d8f61d9044543f38785713cbbd", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=10022a6c66e199d8f61d9044543f38785713cbbd" + }, + { + "name": "[oss-security] 20110422 Re: CVE request: kernel: missing socket check in can/bcm release", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/22/2" + }, + { + "name": "[oss-security] 20110421 Re: 
CVE request: kernel: missing socket check in can/bcm release", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/21/2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=698057", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=698057" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4204.json b/2011/4xxx/CVE-2011-4204.json index 2d635ce18dd..d384e55e440 100644 --- a/2011/4xxx/CVE-2011-4204.json +++ b/2011/4xxx/CVE-2011-4204.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4204", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4204", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4819.json b/2011/4xxx/CVE-2011-4819.json index 468ab4daab7..2b3dc420229 100644 --- a/2011/4xxx/CVE-2011-4819.json +++ b/2011/4xxx/CVE-2011-4819.json 
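Review bot: The only semantic change in the CVE-2011-1748.json hunk, `"ASSIGNER": "secalert@redhat.com",` replacing `cve@mitre.org`, is buried in a rewrite that also re-indents every line and reshuffles `reference_data` into an order with no visible sort key. ASSIGNER is the record's provenance field, so a change to it should be auditable on its own. Keeping the references in their previous order, or landing the formatting pass as a separate commit, would reduce this hunk to the one line that matters. The same applies to the later hunks for CVE-2011-4819, CVE-2014-2521, CVE-2014-3069, CVE-2014-3668 and CVE-2014-6335, each of which swaps ASSIGNER to a vendor address inside a full-file rewrite. Separately, every new side ends with `\ No newline at end of file`; the trailing newline the old side had is worth restoring.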
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2011-4819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21584666", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21584666" - }, - { - "name" : "IV09202", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202" - }, - { - "name" : "52333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52333" - }, - { - "name" : "48299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48299" - }, - { - "name" : "maximo-uisesionid-xss(72008)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72008" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" + }, + { + "name": "maximo-uisesionid-xss(72008)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72008" + }, + { + "name": "48299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48299" + }, + { + "name": "52333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52333" + }, + { + "name": "IV09202", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4937.json b/2011/4xxx/CVE-2011-4937.json index 9d90614ffed..573432d0f14 100644 --- a/2011/4xxx/CVE-2011-4937.json +++ b/2011/4xxx/CVE-2011-4937.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4937", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4937", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2521.json b/2014/2xxx/CVE-2014-2521.json index 482e471c11b..5b74d9778ed 100644 --- a/2014/2xxx/CVE-2014-2521.json +++ b/2014/2xxx/CVE-2014-2521.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-2521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140818 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533162/30/0/threaded" - }, - { - "name" : "69276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69276" - }, - { - "name" : "1030743", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030743" - }, - { - "name" : "60571", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60571" - }, - { - "name" : "emc-documentum-cve20142521-info-disc(95370)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030743", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030743" + }, + { + "name": "69276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69276" + }, + { + "name": "20140818 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded" + }, + { + "name": "60571", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60571" + }, + { + "name": "emc-documentum-cve20142521-info-disc(95370)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95370" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2984.json b/2014/2xxx/CVE-2014-2984.json index cafcd5f4ee4..a766f7134a7 100644 --- a/2014/2xxx/CVE-2014-2984.json +++ b/2014/2xxx/CVE-2014-2984.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2984", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2650. Reason: This candidate is a reservation duplicate of CVE-2014-2650. Notes: All CVE users should reference CVE-2014-2650 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-2984", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2650. Reason: This candidate is a reservation duplicate of CVE-2014-2650. Notes: All CVE users should reference CVE-2014-2650 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3069.json b/2014/3xxx/CVE-2014-3069.json index b773f68d174..42add6c5f53 100644 --- a/2014/3xxx/CVE-2014-3069.json +++ b/2014/3xxx/CVE-2014-3069.json 
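Review bot: The new side of CVE-2014-2984.json orders its keys differently from every other record in this change: `data_type`, `data_format` and `data_version` now precede `CVE_data_meta`, and inside it `"ID"` comes before `"ASSIGNER"`. JSON key order carries no meaning, but the mismatch suggests this file went through a different serializer, and it makes the REJECT record look modified to anyone who diffs or hashes the raw text even though no value changed. Emitting `"CVE_data_meta": {` first, with `"ASSIGNER"` ahead of `"ID"` as in the sibling files, would keep the output canonical across the commit.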
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681213", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681213" - }, - { - "name" : "59688", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59688" - }, - { - "name" : "ibm-curam-cve20143069-csrf(94839)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple CRLF injection 
vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681213", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681213" + }, + { + "name": "59688", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59688" + }, + { + "name": "ibm-curam-cve20143069-csrf(94839)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94839" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3668.json b/2014/3xxx/CVE-2014-3668.json index a584579b6b1..718e5128475 100644 --- a/2014/3xxx/CVE-2014-3668.json +++ b/2014/3xxx/CVE-2014-3668.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=68027", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=68027" - }, - { - 
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1154503", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1154503" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1767.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1767.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1768.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1768.html" - }, - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "DSA-3064", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3064" - }, - { - "name" : "RHSA-2014:1767", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1767.html" - }, - { - "name" : "RHSA-2014:1768", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1768.html" - }, - { - "name" : "RHSA-2014:1765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html" - }, - { - "name" : "RHSA-2014:1766", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1766.html" - }, - { - "name" : "openSUSE-SU-2014:1377", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html" - }, - { - "name" : "openSUSE-SU-2014:1391", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html" - }, - { - "name" : "openSUSE-SU-2015:0014", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html" - }, - { - "name" : "USN-2391-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2391-1" - }, - { - "name" : "70666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70666" - }, - { - "name" : "59967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59967" - }, - { - "name" : "60630", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60630" - }, - { - "name" : "60699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60699" - }, - { - "name" : "61763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61763" - }, - { - "name" : "61970", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61970" - }, - { - "name" : "61982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59967" + }, + { + "name": "openSUSE-SU-2014:1391", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00034.html" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=88412772d295ebf7dd34409534507dc9bcac726e" + }, + { + "name": "RHSA-2014:1767", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html" + }, + { + "name": "USN-2391-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2391-1" + }, + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "openSUSE-SU-2014:1377", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00024.html" + }, + { + "name": "61982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61982" + }, + { + "name": "61763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61763" + }, + { + "name": "https://bugs.php.net/bug.php?id=68027", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=68027" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1767.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html" + }, + { + "name": "RHSA-2014:1766", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" + }, + { + "name": "DSA-3064", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3064" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1768.html", + "refsource": "CONFIRM", + "url": 
"http://linux.oracle.com/errata/ELSA-2014-1768.html" + }, + { + "name": "70666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70666" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "61970", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61970" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1154503", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154503" + }, + { + "name": "openSUSE-SU-2015:0014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00006.html" + }, + { + "name": "RHSA-2014:1765", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" + }, + { + "name": "RHSA-2014:1768", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html" + }, + { + "name": "60699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60699" + }, + { + "name": "60630", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60630" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6213.json b/2014/6xxx/CVE-2014-6213.json index fa11e3bef7c..f6f61404438 100644 --- a/2014/6xxx/CVE-2014-6213.json +++ b/2014/6xxx/CVE-2014-6213.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6213", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6213", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6335.json b/2014/6xxx/CVE-2014-6335.json index 77b234a9581..db2dc68cd66 100644 --- a/2014/6xxx/CVE-2014-6335.json +++ b/2014/6xxx/CVE-2014-6335.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Invalid Pointer Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-6335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-069", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069" - }, - { - "name" : "70963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70963" - }, - { - "name" : "1031189", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031189" - }, - { - "name" : "59867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2007 
SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Invalid Pointer Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031189", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031189" + }, + { + "name": "MS14-069", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-069" + }, + { + "name": "59867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59867" + }, + { + "name": "70963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70963" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6398.json b/2014/6xxx/CVE-2014-6398.json index f3ce3052acc..97eca42aece 100644 --- a/2014/6xxx/CVE-2014-6398.json +++ b/2014/6xxx/CVE-2014-6398.json 
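Review bot: The `ASSIGNER` value for CVE-2014-6335 changes from `cve@mitre.org` to `secure@microsoft.com` inside a hunk that also rewrites every line for `" : "` to `": "` spacing and reorders `reference_data`, so the only semantic change is easy to miss. The same pattern appears in the hunks for CVE-2014-6969, CVE-2014-7017 and CVE-2014-7630 (now `cert@cert.org`) and for CVE-2017-0546 and CVE-2017-0548 (`security@google.com` to `security@android.com`). I would land the attribution changes in a commit separate from the reformat, or at least name them in the commit message, so that consumers who track CNA attribution can audit them. The reference reordering looks like a side effect of unordered serialization; emitting `reference_data` in a stable order would keep later diffs limited to real changes.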
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6398", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6398", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6407.json b/2014/6xxx/CVE-2014-6407.json index 21bf7dff349..a4ea2c20f88 100644 --- a/2014/6xxx/CVE-2014-6407.json +++ b/2014/6xxx/CVE-2014-6407.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141124 Docker 1.3.2 - Security Advisory [24 Nov 2014]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/11/24/5" - }, - { - "name" : "https://docs.docker.com/v1.3/release-notes/", - "refsource" : "CONFIRM", - "url" : "https://docs.docker.com/v1.3/release-notes/" - }, - { - "name" : "FEDORA-2014-15779", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html" - }, - { - "name" : "openSUSE-SU-2014:1596", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html" - }, - { - "name" : "60171", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/60171" - }, - { - "name" : "60241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60241" + }, + { + "name": "60171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60171" + }, + { + "name": "https://docs.docker.com/v1.3/release-notes/", + "refsource": "CONFIRM", + "url": "https://docs.docker.com/v1.3/release-notes/" + }, + { + "name": "openSUSE-SU-2014:1596", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html" + }, + { + "name": "FEDORA-2014-15779", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html" + }, + { + "name": "[oss-security] 20141124 Docker 1.3.2 - Security Advisory [24 Nov 2014]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/11/24/5" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6969.json b/2014/6xxx/CVE-2014-6969.json index 741d9b125e9..ae0f871ab2d 100644 --- a/2014/6xxx/CVE-2014-6969.json +++ b/2014/6xxx/CVE-2014-6969.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Deltin Suites (aka com.DeltinSuites) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#130265", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/130265" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Deltin Suites (aka com.DeltinSuites) application 
3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#130265", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/130265" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7014.json b/2014/7xxx/CVE-2014-7014.json index ea581d02af0..2b9558dc764 100644 --- a/2014/7xxx/CVE-2014-7014.json +++ b/2014/7xxx/CVE-2014-7014.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7014", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7014", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7017.json b/2014/7xxx/CVE-2014-7017.json index 13794460657..4e6748c2bfa 100644 --- a/2014/7xxx/CVE-2014-7017.json +++ b/2014/7xxx/CVE-2014-7017.json 
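Review bot: The rewritten CVE-2014-7014 record is serialized with a different key order from the other records in this commit: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and `ID` comes before `ASSIGNER`. The RESERVED and PUBLIC records keep `CVE_data_meta` first with `ASSIGNER` before `ID`. The hunk for CVE-2014-7678 has the same layout. Key order carries no meaning in JSON, but tooling that hashes or diffs the raw files will see this as churn, so I would emit every record through one serializer with a fixed key order. The new side of each file also ends with `\ No newline at end of file`, where the old side had a trailing newline; restoring it would be consistent with the previous state of the repository.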
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#760609", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/760609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Tim Ban Bon Phuong (aka 
com.entertaiment.timbanbonphuong) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#760609", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/760609" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7146.json b/2014/7xxx/CVE-2014-7146.json index 58f7df7b8df..772e89d059c 100644 --- a/2014/7xxx/CVE-2014-7146.json +++ b/2014/7xxx/CVE-2014-7146.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141108 CVE-2014-7146: MantisBT XmlImportExport plugin PHP Code Injection Vulnerability", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/576" - }, - { - "name" : "http://www.mantisbt.org/bugs/view.php?id=17725", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/view.php?id=17725" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/84017535", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/84017535" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/bed19db9", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/mantisbt/mantisbt/commit/bed19db9" - }, - { - "name" : "DSA-3120", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3120" - }, - { - "name" : "70993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70993" - }, - { - "name" : "62101", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62101" - }, - { - "name" : "mantisbt-cve20147146-code-exec(98572)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70993" + }, + { + "name": "http://www.mantisbt.org/bugs/view.php?id=17725", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/view.php?id=17725" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/bed19db9", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/bed19db9" + }, + { + "name": "mantisbt-cve20147146-code-exec(98572)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98572" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/84017535", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/84017535" + }, + { + "name": "62101", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62101" + 
}, + { + "name": "[oss-security] 20141108 CVE-2014-7146: MantisBT XmlImportExport plugin PHP Code Injection Vulnerability", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/576" + }, + { + "name": "DSA-3120", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3120" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7630.json b/2014/7xxx/CVE-2014-7630.json index 3cdf97dc09c..a89d3106a9e 100644 --- a/2014/7xxx/CVE-2014-7630.json +++ b/2014/7xxx/CVE-2014-7630.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Fling Gold (aka com.mbgames.fling.gold) application 1.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#542017", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/542017" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Fling Gold (aka com.mbgames.fling.gold) 
application 1.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#542017", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/542017" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7678.json b/2014/7xxx/CVE-2014-7678.json index ea6e750feb5..e2a19ecd392 100644 --- a/2014/7xxx/CVE-2014-7678.json +++ b/2014/7xxx/CVE-2014-7678.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7678", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7678", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0546.json b/2017/0xxx/CVE-2017-0546.json index 397fddfc382..79b16f6e4f8 100644 --- a/2017/0xxx/CVE-2017-0546.json +++ b/2017/0xxx/CVE-2017-0546.json 
@@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4" - }, - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4" + }, + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97341" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97341" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0548.json b/2017/0xxx/CVE-2017-0548.json index 9e2f4dedd37..fa1cdcc26ac 100644 --- a/2017/0xxx/CVE-2017-0548.json +++ b/2017/0xxx/CVE-2017-0548.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97398", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97398" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97398", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97398" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1520.json b/2017/1xxx/CVE-2017-1520.json index 88eb3c75c67..6fda84757cd 100644 --- a/2017/1xxx/CVE-2017-1520.json +++ b/2017/1xxx/CVE-2017-1520.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-09-08T00:00:00", - "ID" : "CVE-2017-1520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DB2 for Linux, UNIX and Windows", - "version" : { - "version_data" : [ - { - "version_value" : "10.5" - }, - { - "version_value" : "10.1" - }, - { - "version_value" : "9.7" - }, - { - "version_value" : "11.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Configuration" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-09-08T00:00:00", + "ID": "CVE-2017-1520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DB2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_value": "10.5" + }, + { + "version_value": "10.1" + }, + { + "version_value": "9.7" + }, + { + "version_value": "11.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129830", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129830" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22007186", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22007186" - }, - { - "name" : "100684", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/100684" - }, - { - "name" : "1039308", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Configuration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039308", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039308" + }, + { + "name": "100684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100684" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129830", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129830" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22007186", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22007186" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1537.json b/2017/1xxx/CVE-2017-1537.json index 2e18561c991..393566418af 100644 --- a/2017/1xxx/CVE-2017-1537.json +++ b/2017/1xxx/CVE-2017-1537.json 
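Review bot: The description string on the new side still lists the affected versions as `9.7, 10,1, 10.5, and 11.1`, while `version_data` in the same record gives `10.1`. The line is rewritten by this change anyway, so `10,1` could be corrected to `10.1` with the rest of the string left as is. Separately, the `reference_data` entries come out in a different order here and in the CVE-2017-5925 hunk. That is an array-order change, not whitespace, so a consumer that treats the first reference as primary would pick a different one.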
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1537", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1537", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1588.json b/2017/1xxx/CVE-2017-1588.json index 9277bd146f4..066a689994c 100644 --- a/2017/1xxx/CVE-2017-1588.json +++ b/2017/1xxx/CVE-2017-1588.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1588", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1588", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1786.json b/2017/1xxx/CVE-2017-1786.json index 2d4540a94a3..b5c8dbf16b8 100644 --- a/2017/1xxx/CVE-2017-1786.json +++ b/2017/1xxx/CVE-2017-1786.json 
@@ -1,113 +1,113 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-04-17T00:00:00", - "ID" : "CVE-2017-1786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MQ", - "version" : { - "version_data" : [ - { - "version_value" : "8.0" - }, - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.1" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.2" - }, - { - "version_value" : "8.0.0.1" - }, - { - "version_value" : "8.0.0.2" - }, - { - "version_value" : "8.0.0.3" - }, - { - "version_value" : "8.0.0.4" - }, - { - "version_value" : "8.0.0.5" - }, - { - "version_value" : "8.0.0.6" - }, - { - "version_value" : "8.0.0.7" - }, - { - "version_value" : "9.0.0.2" - }, - { - "version_value" : "9.0.3" - }, - { - "version_value" : "9.0.4" - }, - { - "version_value" : "8.0.0.8" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-04-17T00:00:00", + "ID": "CVE-2017-1786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MQ", + "version": { + "version_data": [ + { + "version_value": "8.0" + }, + { + "version_value": "9.0" + }, + { + "version_value": "9.0.1" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.2" + }, + { + "version_value": "8.0.0.1" + }, + { + "version_value": "8.0.0.2" + }, + { + "version_value": "8.0.0.3" + }, + { + "version_value": "8.0.0.4" + }, + { + "version_value": "8.0.0.5" + }, + { + "version_value": "8.0.0.6" + }, + { + "version_value": "8.0.0.7" + }, + { + "version_value": "9.0.0.2" + }, + { + "version_value": "9.0.3" + }, + { + "version_value": "9.0.4" + }, + { + "version_value": "8.0.0.8" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22013023", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013023" - }, - { - "name" : "ibm-websphere-cve20171786-dos(136975)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136975" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22013023", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22013023" + }, + { + "name": "ibm-websphere-cve20171786-dos(136975)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136975" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1945.json b/2017/1xxx/CVE-2017-1945.json index 0f6f29d7666..063a402c22a 100644 --- a/2017/1xxx/CVE-2017-1945.json +++ b/2017/1xxx/CVE-2017-1945.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1945", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1945", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5187.json b/2017/5xxx/CVE-2017-5187.json index 5d33f6bf2c2..cc373f61e0b 100644 --- a/2017/5xxx/CVE-2017-5187.json +++ b/2017/5xxx/CVE-2017-5187.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2017-08-19T00:00:00", - "ID" : "CVE-2017-5187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Micro Focus Enterprise Developer, Micro Focus Enterprise Server", - "version" : { - "version_data" : [ - { - "version_value" : "2.3 before 2.3 Update 1, 2.3 Update 1 before Hotfix 8, 2.3 Update 2 before Hotfix 9" - } - ] - } - } - ] - }, - "vendor_name" : "Micro Focus" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery (CWE-352) and Remote Code Execution (CWE-78)" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2017-08-19T00:00:00", + "ID": "CVE-2017-5187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Micro Focus Enterprise Developer, Micro Focus Enterprise Server", + "version": { + "version_data": [ + { + "version_value": "2.3 before 2.3 Update 1, 2.3 Update 1 before Hotfix 8, 2.3 Update 2 before Hotfix 9" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017", - "refsource" : "MISC", - "url" : "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CWE-352) and Remote Code Execution (CWE-78)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017", + "refsource": "MISC", + "url": "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5262.json b/2017/5xxx/CVE-2017-5262.json index 4a64f6ec0a8..b9b946afc82 100644 --- a/2017/5xxx/CVE-2017-5262.json +++ b/2017/5xxx/CVE-2017-5262.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2017-5262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "cnPilot", - "version" : { - "version_data" : [ - { - "version_value" : "4.3.2-R4 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Cambium Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200 (Information Exposure)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2017-5262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "cnPilot", + "version": { + "version_data": [ + { + "version_value": "4.3.2-R4 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Cambium Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 (Information Exposure)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5299.json b/2017/5xxx/CVE-2017-5299.json index 537436a692d..2486ae80935 100644 --- a/2017/5xxx/CVE-2017-5299.json +++ b/2017/5xxx/CVE-2017-5299.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5299", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5299", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5306.json b/2017/5xxx/CVE-2017-5306.json index baf59f11526..36bc538d407 100644 --- a/2017/5xxx/CVE-2017-5306.json +++ b/2017/5xxx/CVE-2017-5306.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5306", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5306", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5911.json b/2017/5xxx/CVE-2017-5911.json index 4de8af6a8a0..0edf1023609 100644 --- a/2017/5xxx/CVE-2017-5911.json +++ b/2017/5xxx/CVE-2017-5911.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive 
information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5925.json b/2017/5xxx/CVE-2017-5925.json index 1baf69913f0..2340c24119b 100644 --- a/2017/5xxx/CVE-2017-5925.json +++ b/2017/5xxx/CVE-2017-5925.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf" - }, - { - "name" : "https://www.vusec.net/projects/anc", - "refsource" : "MISC", - "url" : "https://www.vusec.net/projects/anc" - }, - { - "name" : "96452", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Page table walks conducted by the MMU during virtual to physical address 
translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96452", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96452" + }, + { + "name": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf", + "refsource": "MISC", + "url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf" + }, + { + "name": "https://www.vusec.net/projects/anc", + "refsource": "MISC", + "url": "https://www.vusec.net/projects/anc" + } + ] + } +} \ No newline at end of file