From 193e4e0b438053d691c568d252eb0586e7f0439d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 18 Mar 2019 03:17:49 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2006/2xxx/CVE-2006-2006.json | 160 +++++++-------
 2006/2xxx/CVE-2006-2810.json | 170 +++++++-------
 2006/3xxx/CVE-2006-3011.json | 270 +++++++++++------------
 2006/3xxx/CVE-2006-3320.json | 240 ++++++++++----------
 2006/3xxx/CVE-2006-3884.json | 200 ++++++++---------
 2006/4xxx/CVE-2006-4606.json | 260 +++++++++++-----------
 2006/6xxx/CVE-2006-6514.json | 200 ++++++++---------
 2006/6xxx/CVE-2006-6645.json | 150 ++++++-------
 2006/6xxx/CVE-2006-6676.json | 180 +++++++--------
 2006/6xxx/CVE-2006-6931.json | 270 +++++++++++------------
 2006/7xxx/CVE-2006-7227.json | 390 ++++++++++++++++-----------------
 2010/2xxx/CVE-2010-2922.json | 150 ++++++-------
 2011/0xxx/CVE-2011-0351.json | 34 +--
 2011/0xxx/CVE-2011-0421.json | 390 ++++++++++++++++-----------------
 2011/0xxx/CVE-2011-0439.json | 170 +++++++-------
 2011/0xxx/CVE-2011-0554.json | 150 ++++++-------
 2011/0xxx/CVE-2011-0859.json | 120 +++++-----
 2011/0xxx/CVE-2011-0976.json | 200 ++++++++---------
 2011/1xxx/CVE-2011-1066.json | 160 +++++++-------
 2011/1xxx/CVE-2011-1365.json | 34 +--
 2011/1xxx/CVE-2011-1454.json | 150 ++++++-------
 2011/1xxx/CVE-2011-1567.json | 230 +++++++++----------
 2011/1xxx/CVE-2011-1801.json | 150 ++++++-------
 2011/1xxx/CVE-2011-1869.json | 180 +++++++--------
 2011/3xxx/CVE-2011-3141.json | 150 ++++++-------
 2011/4xxx/CVE-2011-4230.json | 34 +--
 2011/4xxx/CVE-2011-4266.json | 140 ++++++------
 2011/4xxx/CVE-2011-4364.json | 230 +++++++++----------
 2011/4xxx/CVE-2011-4603.json | 190 ++++++++--------
 2011/4xxx/CVE-2011-4960.json | 160 +++++++-------
 2011/5xxx/CVE-2011-5278.json | 160 +++++++-------
 2013/5xxx/CVE-2013-5297.json | 34 +--
 2013/5xxx/CVE-2013-5710.json | 160 +++++++-------
 2014/2xxx/CVE-2014-2008.json | 170 +++++++-------
 2014/2xxx/CVE-2014-2126.json | 120 +++++-----
 2014/2xxx/CVE-2014-2165.json | 120 +++++-----
 2014/2xxx/CVE-2014-2603.json | 130 +++++------
 2014/2xxx/CVE-2014-2914.json | 34 +--
 2014/3xxx/CVE-2014-3897.json | 140 ++++++------
 2014/6xxx/CVE-2014-6320.json | 34 +--
 2014/6xxx/CVE-2014-6450.json | 130 +++++------
 2014/6xxx/CVE-2014-6528.json | 130 +++++------
 2014/6xxx/CVE-2014-6677.json | 140 ++++++------
 2014/6xxx/CVE-2014-6797.json | 140 ++++++------
 2014/6xxx/CVE-2014-6804.json | 140 ++++++------
 2014/7xxx/CVE-2014-7111.json | 140 ++++++------
 2014/7xxx/CVE-2014-7290.json | 150 ++++++-------
 2014/7xxx/CVE-2014-7354.json | 140 ++++++------
 2014/7xxx/CVE-2014-7372.json | 140 ++++++------
 2014/7xxx/CVE-2014-7413.json | 140 ++++++------
 2014/7xxx/CVE-2014-7862.json | 190 ++++++++--------
 2017/0xxx/CVE-2017-0044.json | 34 +--
 2017/0xxx/CVE-2017-0141.json | 140 ++++++------
 2017/0xxx/CVE-2017-0380.json | 150 ++++++-------
 2017/0xxx/CVE-2017-0869.json | 142 ++++++------
 2017/0xxx/CVE-2017-0885.json | 130 +++++------
 2017/18xxx/CVE-2017-18015.json | 150 ++++++-------
 2017/1xxx/CVE-2017-1432.json | 34 +--
 2017/1xxx/CVE-2017-1531.json | 274 +++++++++++------------
 2017/5xxx/CVE-2017-5292.json | 34 +--
 2017/5xxx/CVE-2017-5312.json | 34 +--
 2017/5xxx/CVE-2017-5701.json | 132 +++++------
 2017/5xxx/CVE-2017-5708.json | 182 +++++++--------
 2017/5xxx/CVE-2017-5999.json | 150 ++++++-------
 64 files changed, 4890 insertions(+), 4890 deletions(-)
diff --git a/2006/2xxx/CVE-2006-2006.json b/2006/2xxx/CVE-2006-2006.json
index edb0e18f8dc..70cf47920ae 100644
--- a/2006/2xxx/CVE-2006-2006.json
+++ b/2006/2xxx/CVE-2006-2006.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17664" - }, - { - "name" : "ADV-2006-1488", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1488" - }, - { - "name" : "24895", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24895" - }, - { - "name" : "19791", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19791" - }, - { - "name" : "izarc-extract-directory-traversal(26039)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26039" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24895", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24895" + }, + { + "name": "19791", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19791" + }, + { + "name": "17664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17664" + }, + { + "name": "ADV-2006-1488", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1488" + }, + { + "name": "izarc-extract-directory-traversal(26039)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26039" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2810.json b/2006/2xxx/CVE-2006-2810.json index 6dc93ac3b06..474c2b8316b 100644 --- a/2006/2xxx/CVE-2006-2810.json +++ b/2006/2xxx/CVE-2006-2810.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060527 multiple Xss exploits in : vCard 2.9", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435310/100/0/threaded" - }, - { - "name" : "1016183", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016183" - }, - { - "name" : "19216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19216" - }, - { - "name" : "1034", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1034" - }, - { - "name" : "571", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/571" - }, - { - "name" : "vcard-multiple-xss(26838)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1034", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1034" + }, + { + "name": "vcard-multiple-xss(26838)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26838" + }, + { + "name": "1016183", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016183" + }, + { + "name": "20060527 multiple Xss exploits in : vCard 2.9", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435310/100/0/threaded" + }, + { + "name": "19216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19216" + }, + { + "name": "571", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/571" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3011.json b/2006/3xxx/CVE-2006-3011.json index a8b0d735fd0..59eaf473409 100644 --- a/2006/3xxx/CVE-2006-3011.json +++ b/2006/3xxx/CVE-2006-3011.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a \"php://\" or other scheme in the third argument, which disables safe mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060625 error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/41" - }, - { - "name" : "http://www.php.net/release_5_1_5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/release_5_1_5.php" - }, - { - "name" : "MDKSA-2006:122", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122" - }, - { - "name" : "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10&pathrev=PHP_4_4&diff_format=u", - "refsource" : "CONFIRM", - "url" : 
"http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10&pathrev=PHP_4_4&diff_format=u" - }, - { - "name" : "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?diff_format=u&view=log&pathrev=PHP_4_4", - "refsource" : "CONFIRM", - "url" : "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?diff_format=u&view=log&pathrev=PHP_4_4" - }, - { - "name" : "USN-320-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-320-1" - }, - { - "name" : "18645", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18645" - }, - { - "name" : "ADV-2006-2523", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2523" - }, - { - "name" : "26827", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26827" - }, - { - "name" : "1016377", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016377" - }, - { - "name" : "20818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20818" - }, - { - "name" : "21050", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21050" - }, - { - "name" : "21546", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21546" - }, - { - "name" : "21125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21125" - }, - { - "name" : "1129", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1129" - }, - { - "name" : "php-errorlog-safe-mode-bypass(27414)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a \"php://\" or other scheme in the 
third argument, which disables safe mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.php.net/release_5_1_5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/release_5_1_5.php" + }, + { + "name": "1016377", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016377" + }, + { + "name": "21050", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21050" + }, + { + "name": "php-errorlog-safe-mode-bypass(27414)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27414" + }, + { + "name": "1129", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1129" + }, + { + "name": "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10&pathrev=PHP_4_4&diff_format=u", + "refsource": "CONFIRM", + "url": "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10&pathrev=PHP_4_4&diff_format=u" + }, + { + "name": "21546", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21546" + }, + { + "name": "ADV-2006-2523", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2523" + }, + { + "name": "USN-320-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-320-1" + }, + { + "name": "MDKSA-2006:122", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122" + }, + { + "name": "21125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21125" + }, + { + "name": "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?diff_format=u&view=log&pathrev=PHP_4_4", + "refsource": "CONFIRM", + "url": "http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?diff_format=u&view=log&pathrev=PHP_4_4" + }, + { + 
"name": "20818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20818" + }, + { + "name": "26827", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26827" + }, + { + "name": "18645", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18645" + }, + { + "name": "20060625 error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/41" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3320.json b/2006/3xxx/CVE-2006-3320.json index 0997de5b97a..9b801eea04b 100644 --- a/2006/3xxx/CVE-2006-3320.json +++ b/2006/3xxx/CVE-2006-3320.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060627 [Kurdish Security # 11] SiteBar Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438464/100/0/threaded" - }, - { - "name" : "20071018 Serious holes affecting SiteBar 3.3.8", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482499/100/0/threaded" - }, - { - "name" : "http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-11-sitebar-cross-site.html", - "refsource" : "MISC", - "url" : "http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-11-sitebar-cross-site.html" - }, - { - "name" : "http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup", - "refsource" : "CONFIRM", - "url" : 
"http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup" - }, - { - "name" : "DSA-1130", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1130" - }, - { - "name" : "18680", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18680" - }, - { - "name" : "26126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26126" - }, - { - "name" : "ADV-2006-2568", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2568" - }, - { - "name" : "26869", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26869" - }, - { - "name" : "20841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20841" - }, - { - "name" : "21248", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21248" - }, - { - "name" : "1174", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1174" - }, - { - "name" : "sitebar-command-xss(27421)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2568", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2568" + }, + { + "name": "20071018 Serious holes affecting SiteBar 3.3.8", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482499/100/0/threaded" + }, + { + "name": "1174", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1174" + }, + { + "name": "sitebar-command-xss(27421)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27421" + }, + { + "name": "DSA-1130", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1130" + }, + { + "name": "http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup", + "refsource": "CONFIRM", + "url": "http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup" + }, + { + "name": "20060627 [Kurdish Security # 11] SiteBar Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438464/100/0/threaded" + }, + { + "name": "26126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26126" + }, + { + "name": "http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-11-sitebar-cross-site.html", + "refsource": "MISC", + "url": "http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-11-sitebar-cross-site.html" + }, + { + "name": "18680", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18680" + }, + { + "name": "21248", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21248" + }, + { + "name": "26869", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26869" + }, + { + "name": "20841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20841" + } + ] + } +} \ No newline at end 
of file diff --git a/2006/3xxx/CVE-2006-3884.json b/2006/3xxx/CVE-2006-3884.json index 6c6561660dd..31a53c1a9b5 100644 --- a/2006/3xxx/CVE-2006-3884.json +++ b/2006/3xxx/CVE-2006-3884.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060725 LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441087/100/0/threaded" - }, - { - "name" : "19149", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19149" - }, - { - "name" : "ADV-2006-2983", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2983" - }, - { - "name" : "27518", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27518" - }, - { - "name" : "1016584", - "refsource" : 
"SECTRACK", - "url" : "http://securitytracker.com/id?1016584" - }, - { - "name" : "21212", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21212" - }, - { - "name" : "1287", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1287" - }, - { - "name" : "linkscaffe-links-path-disclosure(27962)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27962" - }, - { - "name" : "linkscaffe-links-sql-injection(27961)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linkscaffe-links-path-disclosure(27962)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27962" + }, + { + "name": "19149", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19149" + }, + { + "name": "27518", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27518" + }, + { + "name": "21212", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21212" + }, + { + "name": "ADV-2006-2983", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2983" + }, + { + "name": "20060725 LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441087/100/0/threaded" + }, + { + "name": "1287", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1287" + }, + { + "name": "1016584", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016584" + }, + { + "name": "linkscaffe-links-sql-injection(27961)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27961" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4606.json b/2006/4xxx/CVE-2006-4606.json index 0ef4923b220..ae13023f617 100644 --- a/2006/4xxx/CVE-2006-4606.json +++ b/2006/4xxx/CVE-2006-4606.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060902 PHP-Revista Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445007/100/0/threaded" - }, - { - "name" : "20090413 Re: PHP-Revista Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502637/100/0/threaded" - }, - { - "name" : "3538", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3538" - }, - { - "name" : "8425", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8425" - }, - { - "name" : 
"20090415 PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2009-April/002167.html" - }, - { - "name" : "23079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23079" - }, - { - "name" : "19818", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19818" - }, - { - "name" : "28445", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28445" - }, - { - "name" : "28446", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28446" - }, - { - "name" : "28447", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28447" - }, - { - "name" : "28448", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28448" - }, - { - "name" : "28451", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28451" - }, - { - "name" : "28452", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28452" - }, - { - "name" : "21738", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21738" - }, - { - "name" : "1499", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19818", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19818" + }, + { + "name": "8425", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8425" + }, + { + "name": "3538", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3538" + }, + { + "name": "28452", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28452" + }, + { + "name": "28446", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28446" + }, + { + "name": "28447", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28447" + }, + { + "name": "20090413 Re: PHP-Revista Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502637/100/0/threaded" + }, + { + "name": "1499", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1499" + }, + { + "name": "28445", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28445" + }, + { + "name": "20060902 PHP-Revista Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445007/100/0/threaded" + }, + { + "name": "20090415 PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2009-April/002167.html" + }, + { + "name": "28448", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28448" + }, + { + "name": "21738", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21738" + }, + { + "name": "28451", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28451" + }, + { + "name": "23079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23079" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/6xxx/CVE-2006-6514.json b/2006/6xxx/CVE-2006-6514.json index 265c4351efc..898d3aed6c1 100644 --- a/2006/6xxx/CVE-2006-6514.json +++ b/2006/6xxx/CVE-2006-6514.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient comparison to determine whether a directory is located below the application's root directory, which allows remote authenticated users to access certain other directories if the name of the root directory is a substring of the name of the target directory, as demonstrated by accessing C:\\folder2 when the root directory is C:\\folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061210 Multiple vulnerabilities in Winamp Web Interface 7.5.13", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454059/100/0/threaded" - }, - { - "name" : "20061210 Multiple vulnerabilities in Winamp Web Interface 7.5.13", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051217.html" - }, - { - "name" : "http://aluigi.altervista.org/adv/wawix-adv.txt", - "refsource" : "MISC", - "url" : 
"http://aluigi.altervista.org/adv/wawix-adv.txt" - }, - { - "name" : "21539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21539" - }, - { - "name" : "ADV-2006-4935", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4935" - }, - { - "name" : "1017362", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017362" - }, - { - "name" : "23292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23292" - }, - { - "name" : "2032", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2032" - }, - { - "name" : "winampwi-multiple-information-disclosure(30830)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient comparison to determine whether a directory is located below the application's root directory, which allows remote authenticated users to access certain other directories if the name of the root directory is a substring of the name of the target directory, as demonstrated by accessing C:\\folder2 when the root directory is C:\\folder." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061210 Multiple vulnerabilities in Winamp Web Interface 7.5.13", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454059/100/0/threaded" + }, + { + "name": "23292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23292" + }, + { + "name": "winampwi-multiple-information-disclosure(30830)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30830" + }, + { + "name": "1017362", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017362" + }, + { + "name": "21539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21539" + }, + { + "name": "20061210 Multiple vulnerabilities in Winamp Web Interface 7.5.13", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051217.html" + }, + { + "name": "ADV-2006-4935", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4935" + }, + { + "name": "2032", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2032" + }, + { + "name": "http://aluigi.altervista.org/adv/wawix-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/wawix-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6645.json b/2006/6xxx/CVE-2006-6645.json index 9d28f579a0f..87bdd4ba04d 100644 --- a/2006/6xxx/CVE-2006-6645.json +++ b/2006/6xxx/CVE-2006-6645.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2939", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2939" - }, - { - "name" : "21622", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21622" - }, - { - "name" : "ADV-2006-5034", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5034" - }, - { - "name" : "mxbb-weblinks-lang-file-include(30915)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in 
language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21622", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21622" + }, + { + "name": "ADV-2006-5034", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5034" + }, + { + "name": "mxbb-weblinks-lang-file-include(30915)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30915" + }, + { + "name": "2939", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2939" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6676.json b/2006/6xxx/CVE-2006-6676.json index d8cc3efb9bf..2b7710b87d9 100644 --- a/2006/6xxx/CVE-2006-6676.json +++ b/2006/6xxx/CVE-2006-6676.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061220 NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454949/100/0/threaded" - }, - { - "name" : "20061221 NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455045/100/0/threaded" - }, - { - "name" : "http://eset.com/support/updates.php?pageno=63", - "refsource" : "CONFIRM", - "url" : "http://eset.com/support/updates.php?pageno=63" - }, - { - "name" : "21682", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21682" - }, - { - "name" : "ADV-2006-5095", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/5095" - }, - { - "name" : "23459", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23459" - }, - { - "name" : "2079", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061221 NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455045/100/0/threaded" + }, + { + "name": "20061220 NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454949/100/0/threaded" + }, + { + "name": "ADV-2006-5095", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5095" + }, + { + "name": "2079", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2079" + }, + { + "name": "http://eset.com/support/updates.php?pageno=63", + "refsource": "CONFIRM", + "url": "http://eset.com/support/updates.php?pageno=63" + }, + { + "name": "23459", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23459" + }, + { + "name": "21682", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21682" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6931.json b/2006/6xxx/CVE-2006-6931.json index 08ff232803c..5a3a7d3617d 100644 --- a/2006/6xxx/CVE-2006-6931.json 
+++ b/2006/6xxx/CVE-2006-6931.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a \"backtracking attack.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dailydave] 20070110 Algorithmic Bugs", - "refsource" : "MLIST", - "url" : "http://lists.immunitysec.com/pipermail/dailydave/2007-January/003954.html" - }, - { - "name" : "http://www.acsac.org/2006/abstracts/54.html", - "refsource" : "MISC", - "url" : "http://www.acsac.org/2006/abstracts/54.html" - }, - { - "name" : "http://www.acsac.org/2006/advance_program.html", - "refsource" : "MISC", - "url" : "http://www.acsac.org/2006/advance_program.html" - }, - { - "name" : "http://www.acsac.org/2006/papers/54.pdf", - "refsource" : "MISC", - "url" : "http://www.acsac.org/2006/papers/54.pdf" - }, - { - "name" : 
"http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf" - }, - { - "name" : "http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip", - "refsource" : "MISC", - "url" : "http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip" - }, - { - "name" : "http://www.snort.org/pub-bin/snortnews.cgi", - "refsource" : "CONFIRM", - "url" : "http://www.snort.org/pub-bin/snortnews.cgi" - }, - { - "name" : "GLSA-200702-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200702-03.xml" - }, - { - "name" : "MDKSA-2007:051", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:051" - }, - { - "name" : "21991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21991" - }, - { - "name" : "32096", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/32096" - }, - { - "name" : "1017508", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017508" - }, - { - "name" : "23716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23716" - }, - { - "name" : "24164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24164" - }, - { - "name" : "24338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24338" - }, - { - "name" : "snort-rule-matching-dos(31430)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a \"backtracking attack.\"" + } + ] + }, + "problemtype": { + 
"problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21991" + }, + { + "name": "http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip", + "refsource": "MISC", + "url": "http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip" + }, + { + "name": "[dailydave] 20070110 Algorithmic Bugs", + "refsource": "MLIST", + "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/003954.html" + }, + { + "name": "24164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24164" + }, + { + "name": "24338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24338" + }, + { + "name": "snort-rule-matching-dos(31430)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31430" + }, + { + "name": "32096", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/32096" + }, + { + "name": "23716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23716" + }, + { + "name": "1017508", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017508" + }, + { + "name": "GLSA-200702-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200702-03.xml" + }, + { + "name": "http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf", + "refsource": "MISC", + "url": "http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf" + }, + { + "name": "MDKSA-2007:051", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:051" + }, + { + "name": "http://www.acsac.org/2006/advance_program.html", + "refsource": "MISC", + "url": "http://www.acsac.org/2006/advance_program.html" + }, + { + "name": "http://www.acsac.org/2006/papers/54.pdf", + "refsource": "MISC", + "url": "http://www.acsac.org/2006/papers/54.pdf" + }, + { + "name": 
"http://www.acsac.org/2006/abstracts/54.html", + "refsource": "MISC", + "url": "http://www.acsac.org/2006/abstracts/54.html" + }, + { + "name": "http://www.snort.org/pub-bin/snortnews.cgi", + "refsource": "CONFIRM", + "url": "http://www.snort.org/pub-bin/snortnews.cgi" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7227.json b/2006/7xxx/CVE-2006-7227.json index 0b42f5625d1..d0af9dbcd70 100644 --- a/2006/7xxx/CVE-2006-7227.json +++ b/2006/7xxx/CVE-2006-7227.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-7227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scary.beasts.org/security/CESA-2007-006.html", - "refsource" : "MISC", - "url" : "http://scary.beasts.org/security/CESA-2007-006.html" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=198976", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=198976" - }, - { - "name" : "http://www.pcre.org/changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://www.pcre.org/changelog.txt" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm", - 
"refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm" - }, - { - "name" : "DSA-1570", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1570" - }, - { - "name" : "GLSA-200711-30", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200711-30.xml" - }, - { - "name" : "GLSA-200801-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200801-02.xml" - }, - { - "name" : "GLSA-200801-18", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200801-18.xml" - }, - { - "name" : "GLSA-200801-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200801-19.xml" - }, - { - "name" : "GLSA-200805-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200805-11.xml" - }, - { - "name" : "MDVSA-2008:030", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030" - }, - { - "name" : "RHSA-2007:1052", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1052.html" - }, - { - "name" : "SUSE-SA:2007:062", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_62_pcre.html" - }, - { - "name" : "SUSE-SA:2008:004", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html" - }, - { - "name" : "26462", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26462" - }, - { - "name" : "oval:org.mitre.oval:def:10408", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10408" - }, - { - "name" : "27582", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27582" - }, - { - "name" : "27741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27741" - }, - { - "name" : "27773", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/27773" - }, - { - "name" : "27869", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27869" - }, - { - "name" : "28406", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28406" - }, - { - "name" : "28414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28414" - }, - { - "name" : "28658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28658" - }, - { - "name" : "28714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28714" - }, - { - "name" : "28720", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28720" - }, - { - "name" : "30155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30155" - }, - { - "name" : "30219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30219" - }, - { - "name" : "30106", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30219" + }, + { + "name": "GLSA-200711-30", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200711-30.xml" + }, + { + "name": "oval:org.mitre.oval:def:10408", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10408" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-493.htm" + }, + { + "name": "MDVSA-2008:030", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:030" + }, + { + "name": "DSA-1570", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1570" + }, + { + "name": "SUSE-SA:2008:004", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html" + }, + { + "name": "28658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28658" + }, + { + "name": "27773", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27773" + }, + { + "name": "28406", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28406" + }, + { + "name": "26462", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26462" + }, + { + "name": "GLSA-200805-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200805-11.xml" + }, + { + "name": "RHSA-2007:1052", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1052.html" + }, + { + "name": "27741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27741" + }, + { + "name": "SUSE-SA:2007:062", + "refsource": "SUSE", + "url": 
"http://www.novell.com/linux/security/advisories/2007_62_pcre.html" + }, + { + "name": "http://www.pcre.org/changelog.txt", + "refsource": "CONFIRM", + "url": "http://www.pcre.org/changelog.txt" + }, + { + "name": "30155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30155" + }, + { + "name": "27869", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27869" + }, + { + "name": "28720", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28720" + }, + { + "name": "GLSA-200801-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200801-02.xml" + }, + { + "name": "27582", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27582" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=198976", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=198976" + }, + { + "name": "http://scary.beasts.org/security/CESA-2007-006.html", + "refsource": "MISC", + "url": "http://scary.beasts.org/security/CESA-2007-006.html" + }, + { + "name": "GLSA-200801-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200801-19.xml" + }, + { + "name": "GLSA-200801-18", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200801-18.xml" + }, + { + "name": "28414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28414" + }, + { + "name": "30106", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30106" + }, + { + "name": "28714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28714" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2922.json b/2010/2xxx/CVE-2010-2922.json index 99919d250e3..6a0d230073d 100644 --- a/2010/2xxx/CVE-2010-2922.json +++ b/2010/2xxx/CVE-2010-2922.json 
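Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` at the top of this CVE-2006-7227 hunk, a change of record content inside what otherwise appears to be key-spacing normalization and reference reordering. The CVE-2011-0421 hunk further down does the same with `"ASSIGNER": "cert@cert.org"`, while the other records visible here keep `cve@mitre.org`. Anything that attributes, filters or trusts records by assigner will see these two entries move to a different assigner, so the reassignment deserves its own line in the commit description rather than the bare "-Synchronized-Data." subject, and ideally a commit separate from the formatting churn so it can be audited. The new side also drops the final newline (`\ No newline at end of file`), which will keep producing last-line diffs on later syncs.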
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in default.asp in AKY Blog allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14461", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14461" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/akyblog-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/akyblog-sql.txt" - }, - { - "name" : "40746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40746" - }, - { - "name" : "akyblog-default-sql-injection(60617)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in default.asp in AKY Blog allows remote attackers to execute 
arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40746" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/akyblog-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/akyblog-sql.txt" + }, + { + "name": "akyblog-default-sql-injection(60617)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60617" + }, + { + "name": "14461", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14461" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0351.json b/2011/0xxx/CVE-2011-0351.json index ea7ec12318b..1c335a118b4 100644 --- a/2011/0xxx/CVE-2011-0351.json +++ b/2011/0xxx/CVE-2011-0351.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0351", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0351", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0421.json b/2011/0xxx/CVE-2011-0421.json index b415055784e..da6aaaf0bd0 100644 --- a/2011/0xxx/CVE-2011-0421.json +++ b/2011/0xxx/CVE-2011-0421.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-0421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/96" - }, - { - "name" : "20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517065/100/0/threaded" - }, - { - "name" : "17004", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17004" - }, - { - "name" : "http://bugs.php.net/bug.php?id=53885", - "refsource" : 
"CONFIRM", - "url" : "http://bugs.php.net/bug.php?id=53885" - }, - { - "name" : "http://svn.php.net/viewvc/?view=revision&revision=307867", - "refsource" : "CONFIRM", - "url" : "http://svn.php.net/viewvc/?view=revision&revision=307867" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://www.php.net/archive/2011.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/archive/2011.php" - }, - { - "name" : "http://www.php.net/releases/5_3_6.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/releases/5_3_6.php" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=688735", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=688735" - }, - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "DSA-2266", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2266" - }, - { - "name" : "FEDORA-2011-3614", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html" - }, - { - "name" : "FEDORA-2011-3636", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html" - }, - { - "name" : "FEDORA-2011-3666", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html" - }, - { - "name" : "HPSBOV02763", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "SSRT100826", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" - }, - { - "name" : "MDVSA-2011:052", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:052" - }, - { - "name" : "MDVSA-2011:053", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:053" - }, - { - "name" : "MDVSA-2011:099", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:099" - }, - { - "name" : "SUSE-SR:2011:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" - }, - { - "name" : "46354", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46354" - }, - { - "name" : "43621", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43621" - }, - { - "name" : "8146", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8146" - }, - { - "name" : "ADV-2011-0744", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0744" - }, - { - "name" : "ADV-2011-0764", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0764" - }, - { - "name" : "ADV-2011-0890", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0890" - }, - { - "name" : "libzip-zipnamelocate-dos(66173)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:099", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:099" + }, + { + "name": "HPSBOV02763", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "SUSE-SR:2011:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" + }, + { + "name": "FEDORA-2011-3636", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html" + }, + { + "name": "ADV-2011-0764", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0764" + }, + { + "name": "FEDORA-2011-3614", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html" + }, + { + "name": "8146", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8146" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=688735", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688735" + }, + { + "name": "43621", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43621" + }, + { + "name": "MDVSA-2011:053", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:053" + }, + { + "name": "DSA-2266", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2266" + }, + { + "name": "ADV-2011-0890", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0890" + }, + { + "name": "libzip-zipnamelocate-dos(66173)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66173" + }, + { + "name": "http://www.php.net/releases/5_3_6.php", + "refsource": "CONFIRM", + "url": 
"http://www.php.net/releases/5_3_6.php" + }, + { + "name": "http://svn.php.net/viewvc/?view=revision&revision=307867", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc/?view=revision&revision=307867" + }, + { + "name": "20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/96" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "http://www.php.net/archive/2011.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/archive/2011.php" + }, + { + "name": "SSRT100826", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2" + }, + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517065/100/0/threaded" + }, + { + "name": "17004", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17004" + }, + { + "name": "FEDORA-2011-3666", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html" + }, + { + "name": "MDVSA-2011:052", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:052" + }, + { + "name": "ADV-2011-0744", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0744" + }, + { + "name": "46354", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46354" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "http://bugs.php.net/bug.php?id=53885", + "refsource": "CONFIRM", + "url": 
"http://bugs.php.net/bug.php?id=53885" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0439.json b/2011/0xxx/CVE-2011-0439.json index 3e51cf157fd..a085796b216 100644 --- a/2011/0xxx/CVE-2011-0439.json +++ b/2011/0xxx/CVE-2011-0439.json 
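Review bot: The change of `ASSIGNER` from `cve@mitre.org` to `cert@cert.org` is undocumented: every other line on the new side of this hunk is whitespace normalisation (`"key" :` to `"key":`) or a reordering of the same `reference_data` entries, and the commit subject "-Synchronized-Data." does not mention it. The CVE-2011-0859.json hunk makes the same kind of change (`"ASSIGNER": "secalert_us@oracle.com"`). Consumers that use `ASSIGNER` to attribute a record to its CNA get a new attribution with nothing to audit it against, and none of the references listed for this record is a CERT/CC document, so the new value cannot be confirmed from the hunk itself. I would land the attribution updates in their own commit, separate from the reformatting, with a subject that names them, for example `Update ASSIGNER for CVE-2011-0421 and CVE-2011-0859`.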
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://mahara.org/interaction/forum/topic.php?id=3205", - "refsource" : "CONFIRM", - "url" : "http://mahara.org/interaction/forum/topic.php?id=3205" - }, - { - "name" : "http://mahara.org/interaction/forum/topic.php?id=3208", - "refsource" : "CONFIRM", - "url" : "http://mahara.org/interaction/forum/topic.php?id=3208" - }, - { - "name" : "DSA-2206", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2206" - }, - { - "name" : "47033", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47033" - }, - { - "name" : "43858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43858" - }, - { - "name" : "mahara-pieform-xss(66327)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/66327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mahara.org/interaction/forum/topic.php?id=3208", + "refsource": "CONFIRM", + "url": "http://mahara.org/interaction/forum/topic.php?id=3208" + }, + { + "name": "DSA-2206", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2206" + }, + { + "name": "47033", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47033" + }, + { + "name": "http://mahara.org/interaction/forum/topic.php?id=3205", + "refsource": "CONFIRM", + "url": "http://mahara.org/interaction/forum/topic.php?id=3205" + }, + { + "name": "mahara-pieform-xss(66327)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66327" + }, + { + "name": "43858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43858" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0554.json b/2011/0xxx/CVE-2011-0554.json index d9fd41f3299..3704a75a634 100644 --- a/2011/0xxx/CVE-2011-0554.json +++ b/2011/0xxx/CVE-2011-0554.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a \"code injection issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00" - }, - { - "name" : "49742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49742" - }, - { - "name" : "1026130", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1026130" - }, - { - "name" : "43157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a \"code injection issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49742" + }, + { + "name": "1026130", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1026130" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00" + }, + { + "name": "43157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43157" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0859.json b/2011/0xxx/CVE-2011-0859.json index 750ef5fe9d4..deccae26cea 100644 --- a/2011/0xxx/CVE-2011-0859.json +++ b/2011/0xxx/CVE-2011-0859.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Tax Update 11-B and 9.1 Tax Update 11-B allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll - North America." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Tax Update 11-B and 9.1 Tax Update 11-B allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll - North America." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0976.json b/2011/0xxx/CVE-2011-0976.json index 35dfd0c4d2e..2b55feadeaf 100644 --- a/2011/0xxx/CVE-2011-0976.json +++ b/2011/0xxx/CVE-2011-0976.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have invalid records, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PowerPoint document with a container that triggers certain access to an uninitialized object, aka \"OfficeArt Atom RCE Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110207 ZDI-11-044: Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516233/100/0/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft", - "refsource" : "MISC", - "url" : 
"http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-044/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-044/" - }, - { - "name" : "MS11-022", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11978", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11978" - }, - { - "name" : "1025340", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025340" - }, - { - "name" : "43213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43213" - }, - { - "name" : "ADV-2011-0941", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have invalid records, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PowerPoint document with a container that triggers certain access to an uninitialized object, aka \"OfficeArt Atom RCE Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-022", + "refsource": "MS", + "url": 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022" + }, + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "oval:org.mitre.oval:def:11978", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11978" + }, + { + "name": "1025340", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025340" + }, + { + "name": "20110207 ZDI-11-044: Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516233/100/0/threaded" + }, + { + "name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-044/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-044/" + }, + { + "name": "ADV-2011-0941", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0941" + }, + { + "name": "43213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43213" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1066.json b/2011/1xxx/CVE-2011-1066.json index b4b0e01b364..72e91255207 100644 --- a/2011/1xxx/CVE-2011-1066.json +++ b/2011/1xxx/CVE-2011-1066.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/1064024", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1064024" - }, - { - "name" : "46438", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46438" - }, - { - "name" : "70933", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70933" - }, - { - "name" : "43385", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43385" - }, - { - "name" : "messaging-unspec-xss(65449)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46438", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46438" + }, + { + "name": "messaging-unspec-xss(65449)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65449" + }, + { + "name": "http://drupal.org/node/1064024", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1064024" + }, + { + "name": "70933", + "refsource": "OSVDB", + "url": "http://osvdb.org/70933" + }, + { + "name": "43385", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43385" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1365.json b/2011/1xxx/CVE-2011-1365.json index b5e9b18e3c1..cc47e600571 100644 --- a/2011/1xxx/CVE-2011-1365.json +++ b/2011/1xxx/CVE-2011-1365.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1365", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1365", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1454.json b/2011/1xxx/CVE-2011-1454.json index 52a90ce7a28..963742c0872 100644 --- a/2011/1xxx/CVE-2011-1454.json +++ b/2011/1xxx/CVE-2011-1454.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=79199", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=79199" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14469", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14469" - }, - { - "name" : "chrome-domid-code-execution(67160)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67160" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=79199", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=79199" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" + }, + { + "name": "oval:org.mitre.oval:def:14469", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14469" + }, + { + "name": "chrome-domid-code-execution(67160)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67160" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1567.json b/2011/1xxx/CVE-2011-1567.json index 4a5f6a0167b..62d4f8b0aae 100644 --- a/2011/1xxx/CVE-2011-1567.json +++ b/2011/1xxx/CVE-2011-1567.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17024", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17024" - }, - { - "name" : "http://aluigi.org/adv/igss_2-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/igss_2-adv.txt" - }, - { - "name" : "http://aluigi.org/adv/igss_3-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/igss_3-adv.txt" - }, - { - "name" : "http://aluigi.org/adv/igss_4-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/igss_4-adv.txt" - }, - { - "name" : "http://aluigi.org/adv/igss_5-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/igss_5-adv.txt" - }, - { - "name" : "http://aluigi.org/adv/igss_7-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/igss_7-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf" - }, - { - "name" : "46936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46936" - }, - { - "name" : "43849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43849" - }, - { - "name" : "8179", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8179" - }, - { - "name" : "8251", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8251" - }, - { - "name" : "ADV-2011-0741", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46936" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf" + }, + { + "name": "http://aluigi.org/adv/igss_2-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/igss_2-adv.txt" + }, + { + "name": "43849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43849" + }, + { + "name": "http://aluigi.org/adv/igss_4-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/igss_4-adv.txt" + }, + { + "name": "ADV-2011-0741", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0741" + }, + { + "name": "17024", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17024" + }, + { + "name": "http://aluigi.org/adv/igss_5-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/igss_5-adv.txt" + }, + { + 
"name": "8179", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8179" + }, + { + "name": "8251", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8251" + }, + { + "name": "http://aluigi.org/adv/igss_3-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/igss_3-adv.txt" + }, + { + "name": "http://aluigi.org/adv/igss_7-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/igss_7-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1801.json b/2011/1xxx/CVE-2011-1801.json index 47a651f1760..f8efdc92b18 100644 --- a/2011/1xxx/CVE-2011-1801.json +++ b/2011/1xxx/CVE-2011-1801.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-1801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=72189", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=72189" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html" - }, - { - "name" : "47966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47966" - }, - { - "name" : "oval:org.mitre.oval:def:14474", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=72189", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=72189" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html" + }, + { + "name": "oval:org.mitre.oval:def:14474", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14474" + }, + { + "name": "47966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47966" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1869.json b/2011/1xxx/CVE-2011-1869.json index c668e8b1826..11a4912272c 100644 --- a/2011/1xxx/CVE-2011-1869.json +++ b/2011/1xxx/CVE-2011-1869.json 
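Review bot: The one substantive change in the CVE-2011-1801.json hunk, `"ASSIGNER": "security@google.com"` replacing `"ASSIGNER" : "cve@mitre.org"`, is easy to miss in a textual review. The rest of the hunk only re-spaces every line and reorders the `reference_data` entries. The same pattern appears in the hunks for CVE-2011-1869 (`secure@microsoft.com`), CVE-2011-4266 (`vultures@jpcert.or.jp`), and CVE-2011-4364, CVE-2011-4603 and CVE-2011-4960 (`secalert@redhat.com`). Anyone tracking record provenance should compare the parsed JSON of the old and new sides rather than the text diff. The commit message "-Synchronized-Data." would be clearer if it named the ASSIGNER update.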
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka \"DFS Referral Response Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-042", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042" - }, - { - "name" : "48187", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48187" - }, - { - "name" : "oval:org.mitre.oval:def:12640", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640" - }, - { - "name" : "1025639", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025639" - }, - { - "name" : "44894", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44894" - }, - { - "name" : "44948", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44948" - }, - { - "name" : "ms-win-dfs-dos(67727)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka \"DFS Referral Response Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025639", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025639" + }, + { + "name": "oval:org.mitre.oval:def:12640", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12640" + }, + { + "name": "MS11-042", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-042" + }, + { + "name": "ms-win-dfs-dos(67727)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67727" + }, + { + "name": "44894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44894" + }, + { + "name": "44948", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44948" + }, + { + "name": "48187", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48187" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/3xxx/CVE-2011-3141.json b/2011/3xxx/CVE-2011-3141.json
index 00f29eecd3e..5d9dbf7ee81 100644
--- a/2011/3xxx/CVE-2011-3141.json
+++ b/2011/3xxx/CVE-2011-3141.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-01.pdf" - }, - { - "name" : "http://iom.invensys.com/EN/pdfLibrary/Final.Tech.Alert.141.pdf", - "refsource" : "CONFIRM", - "url" : "http://iom.invensys.com/EN/pdfLibrary/Final.Tech.Alert.141.pdf" - }, - { - "name" : "72182", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/72182" - }, - { - "name" : "44336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44336" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-01.pdf" + }, + { + "name": "http://iom.invensys.com/EN/pdfLibrary/Final.Tech.Alert.141.pdf", + "refsource": "CONFIRM", + "url": "http://iom.invensys.com/EN/pdfLibrary/Final.Tech.Alert.141.pdf" + }, + { + "name": "72182", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/72182" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4230.json b/2011/4xxx/CVE-2011-4230.json index 722f8bf5877..93bdf40f33c 100644 --- a/2011/4xxx/CVE-2011-4230.json +++ b/2011/4xxx/CVE-2011-4230.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4230", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4230", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4266.json b/2011/4xxx/CVE-2011-4266.json index 54e8ff0c85c..831b4a02855 100644 --- a/2011/4xxx/CVE-2011-4266.json +++ b/2011/4xxx/CVE-2011-4266.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-4266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.jp/projects/ffftp/wiki/Security", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.jp/projects/ffftp/wiki/Security" - }, - { - "name" : "JVN#94002296", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN94002296/index.html" - }, - { - "name" : "JVNDB-2011-000104", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path 
vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2011-000104", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000104" + }, + { + "name": "http://sourceforge.jp/projects/ffftp/wiki/Security", + "refsource": "CONFIRM", + "url": "http://sourceforge.jp/projects/ffftp/wiki/Security" + }, + { + "name": "JVN#94002296", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN94002296/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4364.json b/2011/4xxx/CVE-2011-4364.json index 5a250edc012..2bc26cf6786 100644 --- a/2011/4xxx/CVE-2011-4364.json +++ b/2011/4xxx/CVE-2011-4364.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ffmpeg.org/", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/" - }, - { - "name" : "http://git.libav.org/?p=libav.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86", - "refsource" : "CONFIRM", - "url" : "http://git.libav.org/?p=libav.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86", - "refsource" : "CONFIRM", - "url" : 
"http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86" - }, - { - "name" : "http://libav.org/", - "refsource" : "CONFIRM", - "url" : "http://libav.org/" - }, - { - "name" : "http://libav.org/releases/libav-0.5.6.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.5.6.changelog" - }, - { - "name" : "http://libav.org/releases/libav-0.6.4.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.6.4.changelog" - }, - { - "name" : "http://libav.org/releases/libav-0.7.3.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.7.3.changelog" - }, - { - "name" : "MDVSA-2012:074", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:074" - }, - { - "name" : "MDVSA-2012:075", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:075" - }, - { - "name" : "MDVSA-2012:076", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076" - }, - { - "name" : "USN-1320-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1320-1" - }, - { - "name" : "USN-1333-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1333-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86" + }, + { + "name": "http://libav.org/releases/libav-0.6.4.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.6.4.changelog" + }, + { + "name": "MDVSA-2012:076", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076" + }, + { + "name": "USN-1320-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1320-1" + }, + { + "name": "MDVSA-2012:074", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:074" + }, + { + "name": "MDVSA-2012:075", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:075" + }, + { + "name": "http://ffmpeg.org/", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/" + }, + { + "name": "http://libav.org/", + "refsource": "CONFIRM", + "url": "http://libav.org/" + }, + { + "name": "USN-1333-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1333-1" + }, + { + "name": "http://libav.org/releases/libav-0.5.6.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.5.6.changelog" + }, + { + "name": "http://libav.org/releases/libav-0.7.3.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.7.3.changelog" + }, + { + "name": "http://git.libav.org/?p=libav.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86", + "refsource": "CONFIRM", + "url": "http://git.libav.org/?p=libav.git;a=commit;h=c0cbe36b18ab3eb13a53fe684ec1f63a00df2c86" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/4xxx/CVE-2011-4603.json b/2011/4xxx/CVE-2011-4603.json
index f4948af1998..c0ac4842296 100644
--- a/2011/4xxx/CVE-2011-4603.json
+++ b/2011/4xxx/CVE-2011-4603.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c", - "refsource" : "CONFIRM", - "url" : "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c" - }, - { - "name" : "http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1", - "refsource" : "CONFIRM", - "url" : 
"http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1" - }, - { - "name" : "http://www.pidgin.im/news/security/?id=59", - "refsource" : "CONFIRM", - "url" : "http://www.pidgin.im/news/security/?id=59" - }, - { - "name" : "RHSA-2011:1820", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1820.html" - }, - { - "name" : "openSUSE-SU-2012:0066", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/13195955" - }, - { - "name" : "51074", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51074" - }, - { - "name" : "oval:org.mitre.oval:def:18303", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303" - }, - { - "name" : "47234", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:1820", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" + }, + { + "name": "http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1", + "refsource": "CONFIRM", + "url": "http://developer.pidgin.im/viewmtn/revision/info/afb9ede3de989f217f03d5670cca00e628bd11f1" + }, + { + "name": "51074", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51074" + }, + { + "name": "openSUSE-SU-2012:0066", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/13195955" + }, + { + "name": "oval:org.mitre.oval:def:18303", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303" + }, + { + "name": "http://www.pidgin.im/news/security/?id=59", + "refsource": "CONFIRM", + "url": "http://www.pidgin.im/news/security/?id=59" + }, + { + "name": "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c", + "refsource": "CONFIRM", + "url": "http://developer.pidgin.im/viewmtn/revision/diff/c7b95cc3be0590b52edc02d4750ae62844c1acb6/with/afb9ede3de989f217f03d5670cca00e628bd11f1/libpurple/protocols/silc/ops.c" + }, + { + "name": "47234", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47234" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4960.json b/2011/4xxx/CVE-2011-4960.json index 7842393f486..30bebfde80c 100644 --- a/2011/4xxx/CVE-2011-4960.json +++ b/2011/4xxx/CVE-2011-4960.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/30/1" - }, - { - "name" : "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/30/3" - }, - { - "name" : "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12", - "refsource" : "CONFIRM", - "url" : "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12" - }, - { - "name" : "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6", - "refsource" : "CONFIRM", - "url" : 
"http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6" - }, - { - "name" : "https://github.com/silverstripe/sapphire/commit/fef7c32", - "refsource" : "CONFIRM", - "url" : "https://github.com/silverstripe/sapphire/commit/fef7c32" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/silverstripe/sapphire/commit/fef7c32", + "refsource": "CONFIRM", + "url": "https://github.com/silverstripe/sapphire/commit/fef7c32" + }, + { + "name": "[oss-security] 20120430 CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/30/1" + }, + { + "name": "[oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/30/3" + }, + { + "name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12", + "refsource": "CONFIRM", + "url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.12" + }, + { + "name": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6", + "refsource": "CONFIRM", + "url": "http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.6" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5278.json b/2011/5xxx/CVE-2011-5278.json index dfb80473621..8f926403b59 100644 --- a/2011/5xxx/CVE-2011-5278.json +++ b/2011/5xxx/CVE-2011-5278.json 
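Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2011-4960 changes from `cve@mitre.org` to `secalert@redhat.com`, while the rest of the hunk is only whitespace normalisation and a reordering of `reference_data`, so the attribution change is easy to miss in a bulk synchronisation commit. The same pattern appears in the hunks for CVE-2014-2126 and CVE-2014-2165 (`psirt@cisco.com`), CVE-2014-2603 (`hp-security-alert@hp.com`), CVE-2014-3897 (`vultures@jpcert.or.jp`) and CVE-2014-6528 (`secalert_us@oracle.com`). Consumers that base trust or routing decisions on the assigner would be better served if these changes landed in a commit separate from the reformat, or if the commit message listed them, e.g. `ASSIGNER updated: CVE-2011-4960 cve@mitre.org -> secalert@redhat.com`. Whether each reassignment is intended cannot be told from the diff.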
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17961", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17961" - }, - { - "name" : "50051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50051/info" - }, - { - "name" : "76295", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76295" - }, - { - "name" : "46352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46352" - }, - { - "name" : "mybbafs-signature-sql-injection(70473)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mybbafs-signature-sql-injection(70473)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70473" + }, + { + "name": "17961", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17961" + }, + { + "name": "46352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46352" + }, + { + "name": "76295", + "refsource": "OSVDB", + "url": "http://osvdb.org/76295" + }, + { + "name": "50051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50051/info" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5297.json b/2013/5xxx/CVE-2013-5297.json index 2bb6711393d..0c513a209b3 100644 --- a/2013/5xxx/CVE-2013-5297.json +++ b/2013/5xxx/CVE-2013-5297.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5297", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5297", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5710.json b/2013/5xxx/CVE-2013-5710.json index c97207b983a..66fc17dca76 100644 --- a/2013/5xxx/CVE-2013-5710.json +++ b/2013/5xxx/CVE-2013-5710.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svnweb.freebsd.org/base?view=revision&revision=255442", - "refsource" : "CONFIRM", - "url" : "http://svnweb.freebsd.org/base?view=revision&revision=255442" - }, - { - "name" : "DSA-2769", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2769" - }, - { - "name" : "FreeBSD-SA-13:13", - "refsource" : "FREEBSD", - "url" : "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:13.nullfs.asc" - }, - { - "name" : "1029015", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029015" - }, - { - "name" : "54861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54861" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54861", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54861" + }, + { + "name": "1029015", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029015" + }, + { + "name": "DSA-2769", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2769" + }, + { + "name": "FreeBSD-SA-13:13", + "refsource": "FREEBSD", + "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:13.nullfs.asc" + }, + { + "name": "http://svnweb.freebsd.org/base?view=revision&revision=255442", + "refsource": "CONFIRM", + "url": "http://svnweb.freebsd.org/base?view=revision&revision=255442" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2008.json b/2014/2xxx/CVE-2014-2008.json index 09ed6a7f136..f2b60e89bca 100644 --- a/2014/2xxx/CVE-2014-2008.json +++ b/2014/2xxx/CVE-2014-2008.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34586", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34586" - }, - { - "name" : "20140903 Mpay24 prestashop payment module multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Sep/23" - }, - { - "name" : "http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html" - }, - { - "name" : "69560", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69560" - }, - { - "name" : "110737", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/show/osvdb/110737" - }, - { - "name" : "mpay24-cve20142008-sql-injection(95720)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95720" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128136/Mpay24-Payment-Module-1.5-Information-Disclosure-SQL-Injection.html" + }, + { + "name": "34586", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34586" + }, + { + "name": "20140903 Mpay24 prestashop payment module multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Sep/23" + }, + { + "name": "110737", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/110737" + }, + { + "name": "mpay24-cve20142008-sql-injection(95720)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95720" + }, + { + "name": "69560", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69560" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2126.json b/2014/2xxx/CVE-2014-2126.json index 165fce95d51..583ffb74df3 100644 --- a/2014/2xxx/CVE-2014-2126.json +++ b/2014/2xxx/CVE-2014-2126.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by leveraging level-0 ASDM access, aka Bug ID CSCuj33496." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140409 Multiple Vulnerabilities in Cisco ASA Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by leveraging level-0 ASDM access, aka Bug ID CSCuj33496." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140409 Multiple Vulnerabilities in Cisco ASA Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2165.json b/2014/2xxx/CVE-2014-2165.json index a3935b56b32..b38cfb86714 100644 --- a/2014/2xxx/CVE-2014-2165.json +++ b/2014/2xxx/CVE-2014-2165.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtq72699." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtq72699." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2603.json b/2014/2xxx/CVE-2014-2603.json index d3c4a5578c5..c1e2df280e5 100644 --- a/2014/2xxx/CVE-2014-2603.json +++ b/2014/2xxx/CVE-2014-2603.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-2603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST03038", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04277407" - }, - { - "name" : "SSRT101555", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04277407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101555", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04277407" + }, + { + "name": "HPSBST03038", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04277407" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2914.json b/2014/2xxx/CVE-2014-2914.json index f736d1e32cf..6a7e3c9030b 100644 --- a/2014/2xxx/CVE-2014-2914.json +++ b/2014/2xxx/CVE-2014-2914.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2914", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2914", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3897.json b/2014/3xxx/CVE-2014-3897.json index 9af8cd86908..56cee7c547a 100644 --- a/2014/3xxx/CVE-2014-3897.json +++ b/2014/3xxx/CVE-2014-3897.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-3897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.din.or.jp/~hideyuki/home/cgi/mailer.html", - "refsource" : "CONFIRM", - "url" : "http://www.din.or.jp/~hideyuki/home/cgi/mailer.html" - }, - { - "name" : "JVN#85748534", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN85748534/index.html" - }, - { - "name" : "JVNDB-2014-000088", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000088", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000088" + }, + { + "name": "http://www.din.or.jp/~hideyuki/home/cgi/mailer.html", + "refsource": "CONFIRM", + "url": "http://www.din.or.jp/~hideyuki/home/cgi/mailer.html" + }, + { + "name": "JVN#85748534", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN85748534/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6320.json b/2014/6xxx/CVE-2014-6320.json index 43173270c39..3473af22d6a 100644 --- a/2014/6xxx/CVE-2014-6320.json +++ b/2014/6xxx/CVE-2014-6320.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6320", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-6320", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6450.json b/2014/6xxx/CVE-2014-6450.json index 564017fdca0..ddd1c2f3335 100644 --- a/2014/6xxx/CVE-2014-6450.json +++ b/2014/6xxx/CVE-2014-6450.json 
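Review bot: The new side of CVE-2014-6320.json writes `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and `ID` ahead of `ASSIGNER`, whereas the other files rewritten in this part of the commit keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but two serialisations in one repository produce spurious diffs and break byte-level hashing or signing of records unless they are canonicalised first. Presumably this record went through a different writer; emitting it in the same key order as its neighbours would keep the set consistent. The new side also ends without a trailing newline (`\ No newline at end of file`), as do the other files in this commit.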
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42, 13.1 before 13.1R4-S3, 13.1X49 before 13.1X49-D42, 13.1X50 before 13.1X50-D30, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D26, 13.2X52 before 13.2X52-D15, 13.3 before 13.3R3-S3, 14.1 before 14.1R3, 14.2 before 14.2R1, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10, when configured for IPv6, allow remote attackers to cause a denial of service (mbuf chain corruption and kernel panic) via crafted IPv6 packets." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10699", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10699" - }, - { - "name" : "1033855", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42, 13.1 before 13.1R4-S3, 13.1X49 before 13.1X49-D42, 13.1X50 before 13.1X50-D30, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D26, 13.2X52 before 13.2X52-D15, 13.3 before 13.3R3-S3, 14.1 before 14.1R3, 14.2 before 14.2R1, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10, when configured for IPv6, allow remote attackers to cause a denial of service (mbuf chain corruption and kernel panic) via crafted IPv6 packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10699", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10699" + }, + { + "name": "1033855", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033855" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6528.json b/2014/6xxx/CVE-2014-6528.json index 2dea53e2c31..6eb6ee52724 100644 --- a/2014/6xxx/CVE-2014-6528.json +++ b/2014/6xxx/CVE-2014-6528.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel Core - System Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Server Infrastructure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "1031578", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel Core - System Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Server 
Infrastructure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "1031578", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031578" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6677.json b/2014/6xxx/CVE-2014-6677.json index a6630296952..a97c623b801 100644 --- a/2014/6xxx/CVE-2014-6677.json +++ b/2014/6xxx/CVE-2014-6677.json 
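Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert_us@oracle.com` in this hunk, but the commit subject says only "-Synchronized-Data." Every other line of the hunk is rewritten for colon spacing, so the one change of meaning is easy to miss in review. The hunks for CVE-2014-6677, -6797, -6804, -7111, -7354, -7372 and -7413 do the same, with the value becoming `cert@cert.org`. Consumers that filter or attribute records by assigner will see different results after this sync, so I would split the whitespace normalisation from the metadata change or name the reassignment in the commit message.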
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Ticket Round Up (aka com.xcr.android.ticketroundupapp) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#143641", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/143641" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ticket Round Up (aka 
com.xcr.android.ticketroundupapp) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#143641", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/143641" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6797.json b/2014/6xxx/CVE-2014-6797.json index a7a391330ef..38e4ecb8100 100644 --- a/2014/6xxx/CVE-2014-6797.json +++ b/2014/6xxx/CVE-2014-6797.json 
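Review bot: The `reference_data` array is reordered in this hunk with no entry added or removed: the Google Sheets `MISC` entry moves from first to last, and the two `CERT-VN` entries keep their content. The new order does not look like a stable sort, because the CVE-2014-7354 hunk places the same `MISC` entry between its two `CERT-VN` entries and the CVE-2014-6804 hunk lists `VU#959401` before `VU#582497`. If the exporter emitted references sorted on a fixed key (for example `refsource`, then `name`), a sync would show only real changes, and hash-based change detection on these files would not fire on pure reorders. The new file also ends with `\ No newline at end of file`, as do the other hunks on this page; writing the trailing newline would remove one more source of diff noise.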
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Abu Ali Anasheeds (aka com.faapps.abuali_anasheeds) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#389425", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/389425" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Abu Ali Anasheeds (aka 
com.faapps.abuali_anasheeds) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#389425", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/389425" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6804.json b/2014/6xxx/CVE-2014-6804.json index cef2b300610..4b50d437649 100644 --- a/2014/6xxx/CVE-2014-6804.json +++ b/2014/6xxx/CVE-2014-6804.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Deschutes Public MobileLibrary (aka com.bredir.boopsie.deschutes) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#959401", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/959401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Deschutes Public 
MobileLibrary (aka com.bredir.boopsie.deschutes) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#959401", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/959401" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7111.json b/2014/7xxx/CVE-2014-7111.json index eb8956f19fb..b41dd852c66 100644 --- a/2014/7xxx/CVE-2014-7111.json +++ b/2014/7xxx/CVE-2014-7111.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Android Excellence (aka an.exc.ap) application 1.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#601857", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/601857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Android Excellence (aka an.exc.ap) application 
1.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#601857", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/601857" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7290.json b/2014/7xxx/CVE-2014-7290.json index 3e6436037e9..184d1535ec9 100644 --- a/2014/7xxx/CVE-2014-7290.json +++ b/2014/7xxx/CVE-2014-7290.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141114 CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/32" - }, - { - "name" : "http://packetstormsecurity.com/files/129114/Atlas-Systems-Aeon-3.5-3.6-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129114/Atlas-Systems-Aeon-3.5-3.6-Cross-Site-Scripting.html" - }, - { - "name" : "http://tetraph.com/security/xss-vulnerability/cve-2014-7290-atlas-systems-aeon-xss-cross-site-scripting-vulnerability/", - "refsource" : "MISC", - "url" : "http://tetraph.com/security/xss-vulnerability/cve-2014-7290-atlas-systems-aeon-xss-cross-site-scripting-vulnerability/" - }, 
- { - "name" : "atlassystemsaeon-cve20147290-xss(98705)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129114/Atlas-Systems-Aeon-3.5-3.6-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129114/Atlas-Systems-Aeon-3.5-3.6-Cross-Site-Scripting.html" + }, + { + "name": "http://tetraph.com/security/xss-vulnerability/cve-2014-7290-atlas-systems-aeon-xss-cross-site-scripting-vulnerability/", + "refsource": "MISC", + "url": "http://tetraph.com/security/xss-vulnerability/cve-2014-7290-atlas-systems-aeon-xss-cross-site-scripting-vulnerability/" + }, + { + "name": "20141114 CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/32" + }, + { + "name": "atlassystemsaeon-cve20147290-xss(98705)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98705" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7354.json b/2014/7xxx/CVE-2014-7354.json index 0394fd171b8..8987a636b21 100644 --- a/2014/7xxx/CVE-2014-7354.json +++ b/2014/7xxx/CVE-2014-7354.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Penumbra eMag (aka com.magzter.penumbraemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#949985", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/949985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Penumbra eMag (aka 
com.magzter.penumbraemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#949985", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/949985" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7372.json b/2014/7xxx/CVE-2014-7372.json index 479752fd6e9..47232bdee2a 100644 --- a/2014/7xxx/CVE-2014-7372.json +++ b/2014/7xxx/CVE-2014-7372.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mr.Sausage (aka com.app_mrsausage.layout) application 1.301 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#448913", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/448913" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mr.Sausage (aka com.app_mrsausage.layout) 
application 1.301 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#448913", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/448913" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7413.json b/2014/7xxx/CVE-2014-7413.json index d4d6cc3daf2..85a50e594c0 100644 --- a/2014/7xxx/CVE-2014-7413.json +++ b/2014/7xxx/CVE-2014-7413.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Rajendra Suriji (aka com.rajendrasuriji.nakodabhairav.com) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#716785", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/716785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Rajendra Suriji (aka 
com.rajendrasuriji.nakodabhairav.com) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#716785", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/716785" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7862.json b/2014/7xxx/CVE-2014-7862.json index d5d6071e52b..1b28145033b 100644 --- a/2014/7xxx/CVE-2014-7862.json +++ b/2014/7xxx/CVE-2014-7862.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141231 [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534356/100/0/threaded" - }, - { - "name" : "20150102 [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/2" - }, - { - "name" : "http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html" - }, - { - "name" : 
"https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt", - "refsource" : "MISC", - "url" : "https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt" - }, - { - "name" : "https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin", - "refsource" : "MISC", - "url" : "https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin" - }, - { - "name" : "https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html", - "refsource" : "CONFIRM", - "url" : "https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html" - }, - { - "name" : "71849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71849" - }, - { - "name" : "desktopcentral-cve20147862-sec-bypass(99595)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html" + }, + { + "name": "https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt", + "refsource": "MISC", + "url": "https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt" + }, + { + "name": "71849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71849" + }, + { + "name": "20141231 [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534356/100/0/threaded" + }, + { + "name": "desktopcentral-cve20147862-sec-bypass(99595)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99595" + }, + { + "name": "https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html", + "refsource": "CONFIRM", + "url": "https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html" + }, + { + "name": "https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin", + "refsource": "MISC", + "url": "https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin" + }, + { + "name": "20150102 [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/2" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0044.json b/2017/0xxx/CVE-2017-0044.json index cfd26d13509..682f831fc21 100644 --- a/2017/0xxx/CVE-2017-0044.json 
+++ b/2017/0xxx/CVE-2017-0044.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0044", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0044", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0141.json b/2017/0xxx/CVE-2017-0141.json index f2c5b1b29a1..6d1a032fb5d 100644 --- a/2017/0xxx/CVE-2017-0141.json +++ b/2017/0xxx/CVE-2017-0141.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Browser", - "version" : { - "version_data" : [ - { - "version_value" : "Browser" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0150, and CVE-2017-0151." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Browser", + "version": { + "version_data": [ + { + "version_value": "Browser" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0141", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0141" - }, - { - "name" : "96685", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96685" - }, - { - "name" : "1038006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0150, and CVE-2017-0151." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0141", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0141" + }, + { + "name": "96685", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96685" + }, + { + "name": "1038006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038006" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0380.json b/2017/0xxx/CVE-2017-0380.json index 05ffcfc785e..ae6bbeb0f81 100644 --- a/2017/0xxx/CVE-2017-0380.json +++ b/2017/0xxx/CVE-2017-0380.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "ID" : "CVE-2017-0380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tor before 0.3.1.7", - "version" : { - "version_data" : [ - { - "version_value" : "Tor before 0.3.1.7" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "use of uninitialized stack data" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2017-0380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tor before 0.3.1.7", + "version": { + "version_data": [ + { + "version_value": "Tor before 0.3.1.7" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486", - "refsource" : "CONFIRM", - "url" : "https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486" - }, - { - "name" : "https://trac.torproject.org/projects/tor/ticket/23490", - "refsource" : "CONFIRM", - "url" : "https://trac.torproject.org/projects/tor/ticket/23490" - }, - { - "name" : "DSA-3993", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3993" - }, - { - "name" : "1039519", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039519" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use of uninitialized stack data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://trac.torproject.org/projects/tor/ticket/23490", + "refsource": "CONFIRM", + "url": "https://trac.torproject.org/projects/tor/ticket/23490" + }, + { + "name": "https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486", + "refsource": "CONFIRM", + "url": "https://github.com/torproject/tor/commit/09ea89764a4d3a907808ed7d4fe42abfe64bd486" + }, + { + "name": "1039519", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039519" + }, + { + "name": "DSA-3993", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3993" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0869.json b/2017/0xxx/CVE-2017-0869.json index 8a4c1693cfa..b483b6976da 100644 --- a/2017/0xxx/CVE-2017-0869.json +++ b/2017/0xxx/CVE-2017-0869.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-0869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "NA" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-0869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "NA" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-01-01" - }, - { - "name" : "102374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102374" - }, - { - "name" : "1040106", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-01-01" + }, + { + "name": "102374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102374" + }, + { + "name": "1040106", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040106" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0885.json b/2017/0xxx/CVE-2017-0885.json index 1302b4b5d0b..55f0d4d89e2 100644 --- a/2017/0xxx/CVE-2017-0885.json +++ b/2017/0xxx/CVE-2017-0885.json 
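Review bot: The `ASSIGNER` value for CVE-2017-0869 changes from `security@google.com` to `security@android.com` in this hunk, while every other changed line in it only drops the space before the colon. The commit subject ("-Synchronized-Data.") does not mention a content change, so someone auditing CNA attribution or filtering records by assigner would not find the reason for it in history. If the reassignment is intentional, it would be easier to trace in its own commit or with a line in the message naming the new value, `"ASSIGNER": "security@android.com",`. `vendor_name` stays `"Google Inc."`, so any tooling that cross-checks assigner against vendor should confirm the pair is still accepted.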
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2017-0885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nextcloud Server", - "version" : { - "version_data" : [ - { - "version_value" : "All versions before 9.0.55 and 10.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Nextcloud" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure Through an Error Message (CWE-209)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2017-0885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server", + "version": { + "version_data": [ + { + "version_value": "All versions before 9.0.55 and 10.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Nextcloud" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/174524", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/174524" - }, - { - "name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-003", - "refsource" : "CONFIRM", - "url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure Through an Error Message (CWE-209)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-003", + "refsource": "CONFIRM", + "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-003" + }, + { + "name": "https://hackerone.com/reports/174524", + "refsource": "MISC", + "url": "https://hackerone.com/reports/174524" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18015.json b/2017/18xxx/CVE-2017-18015.json index 6d1eaec94c3..5b452a46b38 100644 --- a/2017/18xxx/CVE-2017-18015.json +++ b/2017/18xxx/CVE-2017-18015.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/145464/WordPress-Share-This-Image-1.03-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145464/WordPress-Share-This-Image-1.03-Cross-Site-Scripting.html" - }, - { - "name" : "https://wordpress.org/plugins/share-this-image/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/share-this-image/#developers" - }, - { - "name" : "https://wordpress.org/support/topic/share-this-image-1-03-cross-site-scripting/", - "refsource" : "MISC", - "url" : "https://wordpress.org/support/topic/share-this-image-1-03-cross-site-scripting/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8991", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8991" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/8991", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8991" + }, + { + "name": "https://wordpress.org/support/topic/share-this-image-1-03-cross-site-scripting/", + "refsource": "MISC", + "url": "https://wordpress.org/support/topic/share-this-image-1-03-cross-site-scripting/" + }, + { + "name": "https://wordpress.org/plugins/share-this-image/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/share-this-image/#developers" + }, + { + "name": "https://packetstormsecurity.com/files/145464/WordPress-Share-This-Image-1.03-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145464/WordPress-Share-This-Image-1.03-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1432.json b/2017/1xxx/CVE-2017-1432.json index ee329c6a1a8..7888dbfd08d 100644 --- a/2017/1xxx/CVE-2017-1432.json +++ b/2017/1xxx/CVE-2017-1432.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1432", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1432", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1531.json b/2017/1xxx/CVE-2017-1531.json index a2e96e9c3ed..4e96a7e34ff 100644 --- a/2017/1xxx/CVE-2017-1531.json +++ b/2017/1xxx/CVE-2017-1531.json 
@@ -1,139 +1,139 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-09-22T00:00:00", - "ID" : "CVE-2017-1531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Business Process Manager Advanced", - "version" : { - "version_data" : [ - { - "version_value" : "7.5" - }, - { - "version_value" : "7.5.0.1" - }, - { - "version_value" : "7.5.1" - }, - { - "version_value" : "7.5.1.1" - }, - { - "version_value" : "7.5.1.2" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.0.1" - }, - { - "version_value" : "8.0.1.1" - }, - { - "version_value" : "8.0.1.2" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "8.5.0.1" - }, - { - "version_value" : "8.5.5" - }, - { - "version_value" : "8.0.1.3" - }, - { - "version_value" : "8.5.6" - }, - { - "version_value" : "8.5.0.2" - }, - { - "version_value" : "8.5.7" - }, - { - "version_value" : "8.5.7.CF201609" - }, - { - "version_value" : "8.5.6.1" - }, - { - "version_value" : "8.5.6.2" - }, - { - "version_value" : "8.5.7.CF201606" - }, - { - "version_value" : "8.5.7.CF201612" - }, - { - "version_value" : "8.5.7.CF201703" - }, - { - "version_value" : "8.5.7.CF201706" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-09-22T00:00:00", + "ID": "CVE-2017-1531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Business Process Manager Advanced", + "version": { + "version_data": [ + { + "version_value": "7.5" + }, + { + "version_value": "7.5.0.1" + }, + { + "version_value": "7.5.1" + }, + { + "version_value": "7.5.1.1" + }, + { + "version_value": "7.5.1.2" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.0.1" + }, + { + "version_value": "8.0.1.1" + }, + { + "version_value": "8.0.1.2" + }, + { + "version_value": "8.5" + }, + { + "version_value": "8.5.0.1" + }, + { + "version_value": "8.5.5" + }, + { + "version_value": "8.0.1.3" + }, + { + "version_value": "8.5.6" + }, + { + "version_value": "8.5.0.2" + }, + { + "version_value": "8.5.7" + }, + { + "version_value": "8.5.7.CF201609" + }, + { + "version_value": "8.5.6.1" + }, + { + "version_value": "8.5.6.2" + }, + { + "version_value": "8.5.7.CF201606" + }, + { + "version_value": "8.5.7.CF201612" + }, + { + "version_value": "8.5.7.CF201703" + }, + { + "version_value": "8.5.7.CF201706" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130410", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130410" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22007354", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22007354" - }, - { - "name" : "100963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100963" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100963" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130410", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130410" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22007354", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22007354" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5292.json b/2017/5xxx/CVE-2017-5292.json index 3a08db7d4e5..b7bc8fe92f3 100644 --- a/2017/5xxx/CVE-2017-5292.json +++ b/2017/5xxx/CVE-2017-5292.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5292", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5292", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5312.json b/2017/5xxx/CVE-2017-5312.json index cc259d68c09..7c31b5fe195 100644 --- a/2017/5xxx/CVE-2017-5312.json +++ b/2017/5xxx/CVE-2017-5312.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5312", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5312", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5701.json b/2017/5xxx/CVE-2017-5701.json index 22f4416474f..4c787a72ad1 100644 --- a/2017/5xxx/CVE-2017-5701.json +++ b/2017/5xxx/CVE-2017-5701.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2017-10-06T00:00:00", - "ID" : "CVE-2017-5701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NUC Kits", - "version" : { - "version_data" : [ - { - "version_value" : "BN0049 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2017-10-06T00:00:00", + "ID": "CVE-2017-5701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NUC Kits", + "version": { + "version_data": [ + { + "version_value": "BN0049 and below" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr" - }, - { - "name" : "101257", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr" + }, + { + "name": "101257", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101257" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5708.json b/2017/5xxx/CVE-2017-5708.json index fab0d812e3e..db2fe146ccb 100644 --- a/2017/5xxx/CVE-2017-5708.json +++ b/2017/5xxx/CVE-2017-5708.json 
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2017-11-20T00:00:00", - "ID" : "CVE-2017-5708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Manageability Engine", - "version" : { - "version_data" : [ - { - "version_value" : "11.0/11.5/11.6/11.7/11.10/11.20" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2017-11-20T00:00:00", + "ID": "CVE-2017-5708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Manageability Engine", + "version": { + "version_data": [ + { + "version_value": "11.0/11.5/11.6/11.7/11.10/11.20" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171120-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171120-0001/" - }, - { - "name" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0", - "refsource" : "CONFIRM", - "url" : 
"https://www.asus.com/News/wzeltG5CjYaIwGJ0" - }, - { - "name" : "https://www.synology.com/support/security/Synology_SA_17_73", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/support/security/Synology_SA_17_73" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf" - }, - { - "name" : "101921", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101921" - }, - { - "name" : "1039852", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101921", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101921" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171120-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171120-0001/" + }, + { + "name": "1039852", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039852" + }, + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr" + }, + { + "name": "https://www.synology.com/support/security/Synology_SA_17_73", + "refsource": "CONFIRM", + "url": "https://www.synology.com/support/security/Synology_SA_17_73" + }, + { 
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf" + }, + { + "name": "https://www.asus.com/News/wzeltG5CjYaIwGJ0", + "refsource": "CONFIRM", + "url": "https://www.asus.com/News/wzeltG5CjYaIwGJ0" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5999.json b/2017/5xxx/CVE-2017-5999.json index 6d18d15c723..0c79248f9ae 100644 --- a/2017/5xxx/CVE-2017-5999.json +++ b/2017/5xxx/CVE-2017-5999.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown havoc in the remote system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cxsecurity.com/issue/WLB-2017020196", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/issue/WLB-2017020196" - }, - { - "name" : "https://github.com/nuxsmin/sysPass/commit/a0e2c485e53b370a7cc6d833e192c3c5bfd70e1f", - "refsource" : "CONFIRM", - "url" : "https://github.com/nuxsmin/sysPass/commit/a0e2c485e53b370a7cc6d833e192c3c5bfd70e1f" - }, - { - "name" : "https://github.com/nuxsmin/sysPass/releases/tag/2.1.0.17022601", - "refsource" : "CONFIRM", - "url" : "https://github.com/nuxsmin/sysPass/releases/tag/2.1.0.17022601" - }, - { - "name" : 
"96562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown havoc in the remote system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cxsecurity.com/issue/WLB-2017020196", + "refsource": "MISC", + "url": "https://cxsecurity.com/issue/WLB-2017020196" + }, + { + "name": "https://github.com/nuxsmin/sysPass/commit/a0e2c485e53b370a7cc6d833e192c3c5bfd70e1f", + "refsource": "CONFIRM", + "url": "https://github.com/nuxsmin/sysPass/commit/a0e2c485e53b370a7cc6d833e192c3c5bfd70e1f" + }, + { + "name": "96562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96562" + }, + { + "name": "https://github.com/nuxsmin/sysPass/releases/tag/2.1.0.17022601", + "refsource": "CONFIRM", + "url": "https://github.com/nuxsmin/sysPass/releases/tag/2.1.0.17022601" + } + ] + } +} \ No newline at end of file