diff --git a/2006/2xxx/CVE-2006-2071.json b/2006/2xxx/CVE-2006-2071.json index ce93de9fd62..d8c1800a7c3 100644 --- a/2006/2xxx/CVE-2006-2071.json +++ b/2006/2xxx/CVE-2006-2071.json @@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451404/100/0/threaded" - }, - { - "name" : "20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451419/100/200/threaded" - }, - { - "name" : "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451417/100/200/threaded" - }, - { - "name" : "20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451426/100/200/threaded" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b78b6af66a5fbaf17d7e6bfc32384df5e34408c8", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b78b6af66a5fbaf17d7e6bfc32384df5e34408c8" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190073", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190073" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm" - }, - { - "name" : "http://www.vmware.com/download/esx/esx-202-200610-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/download/esx/esx-202-200610-patch.html" - }, - { - "name" : "http://www.vmware.com/download/esx/esx-213-200610-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/download/esx/esx-213-200610-patch.html" - }, - { - "name" : "http://www.vmware.com/download/esx/esx-254-200610-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/download/esx/esx-254-200610-patch.html" - }, - { - "name" : "MDKSA-2006:086", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:086" - }, - { - "name" : "RHSA-2006:0579", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0579.html" - }, - { - "name" : "RHSA-2006:0580", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0580.html" - }, - { - "name" : "RHSA-2006:0689", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0689.html" - }, - { - "name" : "RHSA-2006:0710", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0710.html" - }, - { - "name" : "USN-302-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-302-1" - }, - { - "name" : "oval:org.mitre.oval:def:9978", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9978" - }, - { - "name" : "ADV-2006-4502", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4502" - }, - { - "name" : "ADV-2006-1391", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1391" - }, - { - "name" : "25139", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25139" - }, - { - "name" : "20157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20157" - }, - { - "name" : "20716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20716" - }, - { - "name" : "21035", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21035" - }, - { - "name" : "22292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22292" - }, - { - "name" : "22497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22497" - }, - { - "name" : "22945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22945" - }, - { - "name" : "22875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22875" - }, - { - "name" : "23064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23064" - }, - { - "name" : "linux-mprotect-security-bypass(26169)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:9978", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9978" + }, + { + "name": "ADV-2006-4502", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4502" + }, + { + "name": "linux-mprotect-security-bypass(26169)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26169" + }, + { + "name": "ADV-2006-1391", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1391" + }, + { + "name": "RHSA-2006:0579", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0579.html" + }, + { + "name": "20716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20716" + }, + { + "name": "22875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22875" + }, + { + "name": "22292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22292" + }, + { + "name": "RHSA-2006:0689", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0689.html" + }, + { + "name": "http://www.vmware.com/download/esx/esx-202-200610-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/download/esx/esx-202-200610-patch.html" + }, + { + "name": "USN-302-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-302-1" + }, + { + "name": "20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451426/100/200/threaded" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190073", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190073" + }, + { + "name": "21035", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21035" + }, + { + "name": "http://www.vmware.com/download/esx/esx-213-200610-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/download/esx/esx-213-200610-patch.html" + }, + { + "name": "RHSA-2006:0580", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0580.html" + }, + { + "name": "23064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23064" + }, + { + "name": "http://www.vmware.com/download/esx/esx-254-200610-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/download/esx/esx-254-200610-patch.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm" + }, + { + "name": "22497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22497" + }, + { + "name": "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451404/100/0/threaded" + }, + { + "name": "25139", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25139" + }, + { + "name": "22945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22945" + }, + { + "name": "RHSA-2006:0710", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0710.html" + }, + { + "name": "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451417/100/200/threaded" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b78b6af66a5fbaf17d7e6bfc32384df5e34408c8", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b78b6af66a5fbaf17d7e6bfc32384df5e34408c8" + }, + { + "name": "MDKSA-2006:086", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:086" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6" + }, + { + "name": "20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451419/100/200/threaded" + }, + { + "name": "20157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20157" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2154.json b/2006/2xxx/CVE-2006-2154.json index 5425853cabf..a9d302d1a30 100644 --- a/2006/2xxx/CVE-2006-2154.json +++ b/2006/2xxx/CVE-2006-2154.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.7344324", - "refsource" : "CONFIRM", - "url" : "http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.7344324" - }, - { - "name" : "17798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17798" - }, - { - "name" : "ADV-2006-1612", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1612" - }, - { - "name" : "19850", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19850" - }, - { - "name" : "retrospect-fileopen-privilege-escalation(26226)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "retrospect-fileopen-privilege-escalation(26226)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26226" + }, + { + "name": "ADV-2006-1612", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1612" + }, + { + "name": "19850", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19850" + }, + { + "name": "17798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17798" + }, + { + "name": "http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.7344324", + "refsource": "CONFIRM", + "url": "http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=9507&r=0.7344324" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2597.json b/2006/2xxx/CVE-2006-2597.json index 6ae0450361a..0cd1b803927 100644 --- a/2006/2xxx/CVE-2006-2597.json +++ b/2006/2xxx/CVE-2006-2597.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2597", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2585. Reason: This candidate is a duplicate of CVE-2006-2585. Notes: All CVE users should reference CVE-2006-2585 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-2597", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2585. Reason: This candidate is a duplicate of CVE-2006-2585. Notes: All CVE users should reference CVE-2006-2585 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3133.json b/2006/3xxx/CVE-2006-3133.json index e4aad7814a0..01eefa61445 100644 --- a/2006/3xxx/CVE-2006-3133.json +++ b/2006/3xxx/CVE-2006-3133.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3133", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3133", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3145.json b/2006/3xxx/CVE-2006-3145.json index 37d03da3b29..ab36c1bcebe 100644 --- a/2006/3xxx/CVE-2006-3145.json +++ b/2006/3xxx/CVE-2006-3145.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=425770", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=425770" - }, - { - "name" : "2006-0037", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0037" - }, - { - "name" : "18525", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18525" - }, - { - "name" : "ADV-2006-2449", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2449" - }, - { - "name" : "20729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20729" - }, - { - "name" : "20775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20775" - }, - { - "name" : "netpbm-pamtofits-offbyone-bo(27244)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2449", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2449" + }, + { + "name": "netpbm-pamtofits-offbyone-bo(27244)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27244" + }, + { + "name": "20775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20775" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=425770", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=425770" + }, + { + "name": "2006-0037", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0037" + }, + { + "name": "20729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20729" + }, + { + "name": "18525", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18525" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3956.json b/2006/3xxx/CVE-2006-3956.json index 35033b433f0..78f3d2889e7 100644 --- a/2006/3xxx/CVE-2006-3956.json +++ b/2006/3xxx/CVE-2006-3956.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060729 XSS vulnerability on AWBS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441532/100/0/threaded" - }, - { - "name" : "19226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19226" - }, - { - "name" : "ADV-2006-3061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3061" - }, - { - "name" : "27629", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27629" - }, - { - "name" : "21296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21296" - }, - { - "name" : "1317", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1317" - }, - { - "name" : "awbs-contact-xss(28069)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3061" + }, + { + "name": "awbs-contact-xss(28069)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28069" + }, + { + "name": "20060729 XSS vulnerability on AWBS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441532/100/0/threaded" + }, + { + "name": "21296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21296" + }, + { + "name": "1317", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1317" + }, + { + "name": "19226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19226" + }, + { + "name": "27629", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27629" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4348.json b/2006/4xxx/CVE-2006-4348.json index e1fe175a984..44dd32b6eec 100644 --- a/2006/4xxx/CVE-2006-4348.json +++ b/2006/4xxx/CVE-2006-4348.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060818 Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443703/100/0/threaded" - }, - { - "name" : "2215", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2215" - }, - { - "name" : "19590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19590" - }, - { - "name" : "28098", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28098" - }, - { - "name" : "1447", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1447" - }, - { - "name" : "kochsuite-config-file-include(28457)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2215", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2215" + }, + { + "name": "28098", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28098" + }, + { + "name": "kochsuite-config-file-include(28457)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28457" + }, + { + "name": "19590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19590" + }, + { + "name": "20060818 Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443703/100/0/threaded" + }, + { + "name": "1447", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1447" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6067.json b/2006/6xxx/CVE-2006-6067.json index b16c1fa5709..9acb2051fdd 100644 --- a/2006/6xxx/CVE-2006-6067.json +++ b/2006/6xxx/CVE-2006-6067.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (2) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061117 20/20 datashed [ multiples injection sql ]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451962/100/0/threaded" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=40", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=40" - }, - { - "name" : "21156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21156" - }, - { - "name" : "2020datashed-multiple-sql-injection(30402)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (2) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2020datashed-multiple-sql-injection(30402)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30402" + }, + { + "name": "21156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21156" + }, + { + "name": "20061117 20/20 datashed [ multiples injection sql ]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451962/100/0/threaded" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=40", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=40" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6082.json b/2006/6xxx/CVE-2006-6082.json index ba04ef081e9..42ff4689927 100644 --- a/2006/6xxx/CVE-2006-6082.json +++ b/2006/6xxx/CVE-2006-6082.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061121 creadirectory [injection sql & xss]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452241/100/0/threaded" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=54", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=54" - }, - { - "name" : "21230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21230" - }, - { - "name" : "ADV-2006-4665", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4665" - }, - { - "name" : "23067", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23067" - }, - { - "name" : "1907", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1907" - }, - { - "name" : "creadirectory-addlisting-search-xss(30473)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21230" + }, + { + "name": "ADV-2006-4665", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4665" + }, + { + "name": "creadirectory-addlisting-search-xss(30473)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30473" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=54", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=54" + }, + { + "name": "23067", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23067" + }, + { + "name": "1907", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1907" + }, + { + "name": "20061121 creadirectory [injection sql & xss]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452241/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6213.json b/2006/6xxx/CVE-2006-6213.json index 616bc27a88b..478932d6d89 100644 --- a/2006/6xxx/CVE-2006-6213.json +++ b/2006/6xxx/CVE-2006-6213.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in PEGames uses the extract function to overwrite critical variables, which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter, which is later extracted to overwrite a previously uncontrolled value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2840", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2840" - }, - { - "name" : "20061130 source VERIFY - PEGames RFI", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-November/001153.html" - }, - { - "name" : "21266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21266" - }, - { - "name" : "pegames-index-file-include(30517)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in PEGames uses the extract function to overwrite critical variables, which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter, which is later extracted to overwrite a previously uncontrolled value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pegames-index-file-include(30517)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30517" + }, + { + "name": "2840", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2840" + }, + { + "name": "20061130 source VERIFY - PEGames RFI", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-November/001153.html" + }, + { + "name": "21266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21266" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6690.json b/2006/6xxx/CVE-2006-6690.json index 9940bd25cb2..ad8f63853ad 100644 --- a/2006/6xxx/CVE-2006-6690.json +++ b/2006/6xxx/CVE-2006-6690.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061220 SEC Consult SA-20061220-0 :: Typo3 Command Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454944/100/0/threaded" - }, - { - "name" : "[TYPO3-announce] 20061219 Pre-announcement for important security update", - "refsource" : "MLIST", - "url" : "http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.html" - }, - { - "name" : "[TYPO3-announce] 20061220 TYPO3 Security Bulletin TYPO3-20061220-1: Remote Command Execution in TYPO3", - "refsource" : "MLIST", - "url" : "http://lists.netfielders.de/pipermail/typo3-announce/2006/000046.html" - }, - { - "name" : "http://www.sec-consult.com/272.html", - "refsource" : "MISC", - "url" : "http://www.sec-consult.com/272.html" - }, - { - "name" : "http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9" - }, - { - "name" : "21680", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21680" - }, - { - "name" : "ADV-2006-5094", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5094" - }, - { - "name" : "1017428", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017428" - }, - { - "name" : "23446", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23446" - }, - { - "name" : "23466", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23466" - }, - { - "name" : "2056", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2056" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061220 SEC Consult SA-20061220-0 :: Typo3 Command Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454944/100/0/threaded" + }, + { + "name": "23466", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23466" + }, + { + "name": "http://www.sec-consult.com/272.html", + "refsource": "MISC", + "url": "http://www.sec-consult.com/272.html" + }, + { + "name": "[TYPO3-announce] 20061219 Pre-announcement for important security update", + "refsource": "MLIST", + "url": "http://lists.netfielders.de/pipermail/typo3-announce/2006/000045.html" + }, + { + "name": "1017428", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017428" + }, + { + "name": "2056", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2056" + }, + { + "name": "[TYPO3-announce] 20061220 TYPO3 Security Bulletin TYPO3-20061220-1: Remote Command Execution in TYPO3", + "refsource": "MLIST", + "url": "http://lists.netfielders.de/pipermail/typo3-announce/2006/000046.html" + }, + { + "name": "23446", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23446" + }, + { + "name": "http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9", + "refsource": "CONFIRM", + "url": "http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9" + }, + { + "name": "ADV-2006-5094", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5094" + }, + { + "name": "21680", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21680" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7036.json b/2006/7xxx/CVE-2006-7036.json index cdd90ae2ef9..f21603179fd 100644 --- a/2006/7xxx/CVE-2006-7036.json +++ b/2006/7xxx/CVE-2006-7036.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing the product, so the original claims can not be evaluated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060615 Andys Chat 4.5 (action) Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437300/30/4350/threaded" - }, - { - "name" : "2284", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2284" - }, - { - "name" : "andyschat-register-file-include(27187)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing the product, so the original claims can not be evaluated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "andyschat-register-file-include(27187)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27187" + }, + { + "name": "2284", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2284" + }, + { + "name": "20060615 Andys Chat 4.5 (action) Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437300/30/4350/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7194.json b/2006/7xxx/CVE-2006-7194.json index 6027f8ed9dc..e22b2fe397b 100644 --- a/2006/7xxx/CVE-2006-7194.json +++ b/2006/7xxx/CVE-2006-7194.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061106 [ECHO_ADV_59_2006]Agora 1.4 RC1 \"$_SESSION[PATH_COMPOSANT]\"", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116283849004075&w=2" - }, - { - "name" : "2726", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2726" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv59-theday-2006.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv59-theday-2006.txt" - }, - { - "name" : "agora-mysqlfinderadmin-file-include(30031)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2726", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2726" + }, + { + "name": "http://advisories.echo.or.id/adv/adv59-theday-2006.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv59-theday-2006.txt" + }, + { + "name": "20061106 [ECHO_ADV_59_2006]Agora 1.4 RC1 \"$_SESSION[PATH_COMPOSANT]\"", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116283849004075&w=2" + }, + { + "name": "agora-mysqlfinderadmin-file-include(30031)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30031" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2703.json b/2010/2xxx/CVE-2010-2703.json index e804a82921a..169a035cb84 100644 --- a/2010/2xxx/CVE-2010-2703.json +++ b/2010/2xxx/CVE-2010-2703.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2010-2703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100721 VUPEN Security Research - HP OpenView Network Node Manager \"ov.dll\" Buffer Overflow Vulnerability (CVE-2010-2704)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512544/100/0/threaded" - }, - { - "name" : "20100721 ZDI-10-137: Hewlett-Packard OpenView NNM webappmon.exe execvp_nc Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512552/100/0/threaded" - }, - { - "name" : "14916", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14916" - }, - { - "name" : "HPSBMA02557", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127973001009749&w=2" - }, - { - "name" : "SSRT100025", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=127973001009749&w=2" - }, - { - "name" : "20100727 CVE number confusion in HP OV NNM products", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2010-July/002374.html" - }, - { - "name" : "41829", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41829" - }, - { - "name" : "66514", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66514" - }, - { - "name" : "1024224", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024224" - }, - { - "name" : "1024238", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024238" - }, - { - "name" : "40686", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40686" - }, - { - "name" : "8161", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8161" - }, - { - "name" : "ADV-2010-1866", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1866", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1866" + }, + { + "name": "14916", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14916" + }, + { + "name": "66514", + "refsource": "OSVDB", + "url": "http://osvdb.org/66514" + }, + { + "name": "41829", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41829" + }, + { + "name": "20100721 VUPEN Security Research - HP OpenView Network Node Manager \"ov.dll\" Buffer Overflow Vulnerability (CVE-2010-2704)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512544/100/0/threaded" + }, + { + "name": "SSRT100025", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127973001009749&w=2" + }, + { + "name": "20100727 CVE number confusion in HP OV NNM products", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2010-July/002374.html" + }, + { + "name": "40686", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40686" + }, + { + "name": "1024238", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024238" + }, + { + "name": "1024224", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024224" + }, + { + "name": "8161", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8161" + }, + { + "name": "20100721 ZDI-10-137: Hewlett-Packard OpenView NNM webappmon.exe execvp_nc Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512552/100/0/threaded" + }, + { + "name": "HPSBMA02557", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=127973001009749&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0027.json b/2011/0xxx/CVE-2011-0027.json index 7d947a9775f..e40d89b21e9 100644 --- a/2011/0xxx/CVE-2011-0027.json +++ b/2011/0xxx/CVE-2011-0027.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka \"ADO Record Memory Vulnerability.\" NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/", - "refsource" : "MISC", - "url" : "http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-002/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-002/" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100124846", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100124846" - }, - { - "name" : "MS11-002", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-002" - }, - { - "name" : "TA11-011A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-011A.html" - }, - { - "name" : "45698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45698" - }, - { - "name" : "70444", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70444" - }, - { - "name" : "oval:org.mitre.oval:def:12411", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12411" - }, - { - "name" : "1024947", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024947" - }, - { - "name" : "42804", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42804" - }, - { - "name" : "ADV-2011-0075", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka \"ADO Record Memory Vulnerability.\" NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0075", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0075" + }, + { + "name": "70444", + "refsource": "OSVDB", + "url": "http://osvdb.org/70444" + }, + { + "name": "MS11-002", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-002" + }, + { + "name": "1024947", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024947" + }, + { + "name": "http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/", + "refsource": "MISC", + "url": "http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/" + }, + { + "name": "oval:org.mitre.oval:def:12411", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12411" + }, + { + "name": "42804", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42804" + }, + { + "name": "45698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45698" + }, + { + "name": "TA11-011A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-011A.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-002/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-002/" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100124846", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100124846" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0442.json b/2011/0xxx/CVE-2011-0442.json index fb53591bf20..18b088ce4d1 100644 --- a/2011/0xxx/CVE-2011-0442.json +++ b/2011/0xxx/CVE-2011-0442.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2011-0442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110315 ESA-2011-007: EMC Avamar sensitive information disclosure vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517022/100/0/threaded" - }, - { - "name" : "46879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46879" - }, - { - "name" : "1025213", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025213" - }, - { - "name" : "43797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43797" - }, - { - "name" : "8139", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8139" - }, - { - "name" : "ADV-2011-0677", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0677" - }, - { - "name" : "ADV-2011-0678", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0678" - }, - { - "name" : "avamar-service-utility-info-disclosure(66109)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "avamar-service-utility-info-disclosure(66109)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66109" + }, + { + "name": "ADV-2011-0678", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0678" + }, + { + "name": "ADV-2011-0677", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0677" + }, + { + "name": "20110315 ESA-2011-007: EMC Avamar sensitive information disclosure vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517022/100/0/threaded" + }, + { + "name": "43797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43797" + }, + { + "name": "1025213", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025213" + }, + { + "name": "8139", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8139" + }, + { + "name": "46879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46879" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0526.json b/2011/0xxx/CVE-2011-0526.json index ffda26eaf7c..51bc46eff88 100644 --- a/2011/0xxx/CVE-2011-0526.json +++ b/2011/0xxx/CVE-2011-0526.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110127 CVE Request:Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/27/2" - }, - { - "name" : "[oss-security] 20110127 Re: CVE Request:Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/27/5" - }, - { - "name" : "http://www.vanillaforums.org/discussion/14397/vanilla-2.0.17-released", - "refsource" : "MISC", - "url" : "http://www.vanillaforums.org/discussion/14397/vanilla-2.0.17-released" - }, - { - "name" : "http://yehg.net/lab/pr0js/advisories/%5Bvanilla_forums-2.0.16%5D_cross_site_scripting", - "refsource" : "MISC", - "url" : "http://yehg.net/lab/pr0js/advisories/%5Bvanilla_forums-2.0.16%5D_cross_site_scripting" - }, - { - "name" : "70677", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/70677" - }, - { - "name" : "43074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43074" + }, + { + "name": "70677", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/70677" + }, + { + "name": "http://www.vanillaforums.org/discussion/14397/vanilla-2.0.17-released", + "refsource": "MISC", + "url": "http://www.vanillaforums.org/discussion/14397/vanilla-2.0.17-released" + }, + { + "name": "http://yehg.net/lab/pr0js/advisories/%5Bvanilla_forums-2.0.16%5D_cross_site_scripting", + "refsource": "MISC", + "url": "http://yehg.net/lab/pr0js/advisories/%5Bvanilla_forums-2.0.16%5D_cross_site_scripting" + }, + { + "name": "[oss-security] 20110127 CVE Request:Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/27/2" + }, + { + "name": "[oss-security] 20110127 Re: CVE Request:Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/27/5" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0651.json b/2011/0xxx/CVE-2011-0651.json index f7bb3dfc2ee..7e256636494 100644 --- a/2011/0xxx/CVE-2011-0651.json +++ b/2011/0xxx/CVE-2011-0651.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the key exchange functionality in Icon Labs Iconfidant SSL Server before 1.3.0 allows remote attackers to execute arbitrary code via a client master key packet in which the sum of unspecified length fields is greater than a certain value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-021/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-021/" - }, - { - "name" : "45938", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45938" - }, - { - "name" : "70599", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70599" - }, - { - "name" : "42971", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42971" - }, - { - "name" : "iconfidant-key-bo(64868)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the key exchange functionality in Icon Labs Iconfidant SSL Server before 1.3.0 allows remote attackers to execute arbitrary code via a client master key packet in which the sum of unspecified length fields is greater than a certain value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-021/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-021/" + }, + { + "name": "iconfidant-key-bo(64868)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64868" + }, + { + "name": "70599", + "refsource": "OSVDB", + "url": "http://osvdb.org/70599" + }, + { + "name": "42971", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42971" + }, + { + "name": "45938", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45938" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1032.json b/2011/1xxx/CVE-2011-1032.json index fc07b69097d..29ee57e6bf2 100644 --- a/2011/1xxx/CVE-2011-1032.json +++ b/2011/1xxx/CVE-2011-1032.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21462435", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21462435" - }, - { - "name" : "PK54565", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565" - }, - { - "name" : "70931", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70931" - }, - { - "name" : "43298", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43298" - }, - { - "name" : "ADV-2011-0382", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0382" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21462435", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21462435" + }, + { + "name": "70931", + "refsource": "OSVDB", + "url": "http://osvdb.org/70931" + }, + { + "name": "ADV-2011-0382", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0382" + }, + { + "name": "43298", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43298" + }, + { + "name": "PK54565", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1239.json b/2011/1xxx/CVE-2011-1239.json index a6276c00b11..a8916e5dd92 100644 --- a/2011/1xxx/CVE-2011-1239.json +++ b/2011/1xxx/CVE-2011-1239.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, - { - "name" : "MS11-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47216" - }, - { - "name" : "71754", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71754" - }, - { - "name" : "oval:org.mitre.oval:def:11726", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11726" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - }, - { - "name" : "mswin-win32k-var27-priv-escalation(66421)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "mswin-win32k-var27-priv-escalation(66421)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66421" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "47216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47216" + }, + { + "name": "71754", + "refsource": "OSVDB", + "url": "http://osvdb.org/71754" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "oval:org.mitre.oval:def:11726", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11726" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1394.json b/2011/1xxx/CVE-2011-1394.json index 705f8a3784d..a64ebb1838a 100644 --- a/2011/1xxx/CVE-2011-1394.json +++ b/2011/1xxx/CVE-2011-1394.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21584666", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21584666" - }, - { - "name" : "IV09157", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157" - }, - { - "name" : "52333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52333" - }, - { - "name" : "48299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48299" - }, - { - "name" : "48305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48305" - }, - { - "name" : "maximo-uisession-dos(71985)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" + }, + { + "name": "48299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48299" + }, + { + "name": "maximo-uisession-dos(71985)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985" + }, + { + "name": "48305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48305" + }, + { + "name": "IV09157", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157" + }, + { + "name": "52333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52333" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1535.json b/2011/1xxx/CVE-2011-1535.json index 08486848ca2..4edad82a777 100644 --- a/2011/1xxx/CVE-2011-1535.json +++ b/2011/1xxx/CVE-2011-1535.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux) before 6.3 allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02658", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" - }, - { - "name" : "SSRT100413", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" - }, - { - "name" : "47716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47716" - }, - { - "name" : "1025413", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025413" - }, - { - "name" : "44269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44269" - }, - { - "name" : "hp-insight-unspec-priv-esc(66867)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux) before 6.3 allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47716" + }, + { + "name": "hp-insight-unspec-priv-esc(66867)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66867" + }, + { + "name": "1025413", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025413" + }, + { + "name": "HPSBMA02658", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" + }, + { + "name": "SSRT100413", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777" + }, + { + "name": "44269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44269" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1676.json b/2011/1xxx/CVE-2011-1676.json index f0f597865ef..4e1dddd9b51 100644 --- a/2011/1xxx/CVE-2011-1676.json +++ b/2011/1xxx/CVE-2011-1676.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/11" - }, - { - "name" : "[oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/9" - }, - { - "name" : "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/10" - }, - { - "name" : "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/12" - }, - { - "name" : "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/05/3" - }, - { - "name" : "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/05/7" - }, - { - "name" : "[oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/07/9" - }, - { - "name" : "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/14/5" - }, - { - "name" : "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/14/7" - }, - { - "name" : "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/14/16" - }, - { - "name" : "[oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/15/6" - }, - { - "name" : "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/22/4" - }, - { - "name" : "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/22/6" - }, - { - "name" : "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/31/3" - }, - { - "name" : "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/31/4" - }, - { - "name" : "[oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/01/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=688980", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=688980" - }, - { - "name" : "utillinux-mount-sec-bypass(66704)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/14/5" + }, + { + "name": "[oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/9" + }, + { + "name": "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/22/6" + }, + { + "name": "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/22/4" + }, + { + "name": "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/05/7" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=688980", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688980" + }, + { + "name": "utillinux-mount-sec-bypass(66704)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66704" + }, + { + "name": "[oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/07/9" + }, + { + "name": "[oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/01/2" + }, + { + "name": "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/10" + }, + { + "name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/14/16" + }, + { + "name": "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/31/4" + }, + { + "name": "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/12" + }, + { + "name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/14/7" + }, + { + "name": "[oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/11" + }, + { + "name": "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/05/3" + }, + { + "name": "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/31/3" + }, + { + "name": "[oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/15/6" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1998.json b/2011/1xxx/CVE-2011-1998.json index 6162f4ab940..e650f46d5a0 100644 --- a/2011/1xxx/CVE-2011-1998.json +++ b/2011/1xxx/CVE-2011-1998.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka \"Jscript9.dll Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-081", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081" - }, - { - "name" : "49963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49963" - }, - { - "name" : "oval:org.mitre.oval:def:13199", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka \"Jscript9.dll Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-081", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081" + }, + { + "name": "49963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49963" + }, + { + "name": "oval:org.mitre.oval:def:13199", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13199" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3254.json b/2011/3xxx/CVE-2011-3254.json index 4556b0d834b..6b478d66204 100644 --- a/2011/3xxx/CVE-2011-3254.json +++ b/2011/3xxx/CVE-2011-3254.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3675.json b/2011/3xxx/CVE-2011-3675.json index 1bb8cace1f5..0cae3d44f2b 100644 --- a/2011/3xxx/CVE-2011-3675.json +++ b/2011/3xxx/CVE-2011-3675.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3675", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-3675", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3808.json b/2011/3xxx/CVE-2011-3808.json index 20f75b4a47a..461fbda261e 100644 --- a/2011/3xxx/CVE-2011-3808.json +++ b/2011/3xxx/CVE-2011-3808.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bug Genie 2.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/svn_integration/config.inc.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/thebuggenie_2.1.2", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/thebuggenie_2.1.2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bug Genie 2.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/svn_integration/config.inc.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/thebuggenie_2.1.2", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/thebuggenie_2.1.2" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4037.json b/2011/4xxx/CVE-2011-4037.json index 11f934ccd29..f5521ca0a3e 100644 --- a/2011/4xxx/CVE-2011-4037.json +++ b/2011/4xxx/CVE-2011-4037.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary code via invalid data in unspecified fields of a project file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-298-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-298-01.pdf" - }, - { - "name" : "1026388", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1026388" - }, - { - "name" : "47078", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary code via invalid data in unspecified fields of a project file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47078", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47078" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-298-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-298-01.pdf" + }, + { + "name": "1026388", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1026388" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4186.json b/2011/4xxx/CVE-2011-4186.json index 354fbdc0455..d13d2d94102 100644 --- a/2011/4xxx/CVE-2011-4186.json +++ b/2011/4xxx/CVE-2011-4186.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a different vulnerability than CVE-2011-1705." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7008708", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7008708" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7010145", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7010145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a different vulnerability than CVE-2011-1705." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7008708", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7008708" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7010145", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7010145" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4417.json b/2011/4xxx/CVE-2011-4417.json index c3bc1a2c766..d827600105c 100644 --- a/2011/4xxx/CVE-2011-4417.json +++ b/2011/4xxx/CVE-2011-4417.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4417", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4417", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4619.json b/2011/4xxx/CVE-2011-4619.json index abc9d585e8a..16859f52415 100644 --- a/2011/4xxx/CVE-2011-4619.json +++ b/2011/4xxx/CVE-2011-4619.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openssl.org/news/secadv_20120104.txt", - "refsource" : "CONFIRM", - "url" : "http://www.openssl.org/news/secadv_20120104.txt" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" - }, - { - "name" : "http://support.apple.com/kb/HT5784", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5784" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" - }, - { - "name" : "APPLE-SA-2013-06-04-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" - }, - { - "name" : "DSA-2390", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2390" - }, - { - "name" : "FEDORA-2012-18035", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" - }, - { - "name" : "HPSBMU02786", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" - }, - { - "name" : "SSRT100877", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" - }, - { - "name" : "HPSBOV02793", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134039053214295&w=2" - }, - { - "name" : "SSRT100891", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134039053214295&w=2" - }, - { - "name" : "HPSBUX02734", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750648501816&w=2" - }, - { - "name" : "SSRT100729", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750648501816&w=2" - }, - { - "name" : "HPSBMU02776", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133951357207000&w=2" - }, - { - "name" : "HPSBUX02782", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728068926468&w=2" - }, - { - "name" : "SSRT100844", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728068926468&w=2" - }, - { - "name" : "SSRT100852", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133951357207000&w=2" - }, - { - "name" : "MDVSA-2012:006", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" - }, - { - "name" : "MDVSA-2012:007", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" - }, - { - "name" : "RHSA-2012:1306", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1306.html" - }, - { - "name" : "RHSA-2012:1307", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1307.html" - }, - { - "name" : "RHSA-2012:1308", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1308.html" - }, - { - "name" : "SUSE-SU-2012:0084", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" - }, - { - "name" : "openSUSE-SU-2012:0083", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" - }, - { - "name" : "VU#737740", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/737740" - }, - { - "name" : "48528", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48528" - }, - { - "name" : "57353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48528", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48528" + }, + { + "name": "HPSBMU02786", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" + }, + { + "name": "openSUSE-SU-2012:0083", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" + }, + { + "name": "MDVSA-2012:006", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" + }, + { + "name": "FEDORA-2012-18035", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" + }, + { + "name": "http://www.openssl.org/news/secadv_20120104.txt", + "refsource": "CONFIRM", + "url": "http://www.openssl.org/news/secadv_20120104.txt" + }, + { + "name": "SUSE-SU-2012:0084", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" + }, + { + "name": "RHSA-2012:1308", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" + }, + { + "name": "RHSA-2012:1307", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" + }, + { + "name": "http://support.apple.com/kb/HT5784", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5784" + }, + { + "name": "APPLE-SA-2013-06-04-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" + }, + { + "name": "VU#737740", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/737740" + }, + { + "name": "HPSBUX02734", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750648501816&w=2" + }, + { + "name": "MDVSA-2012:007", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" + }, + { + "name": "RHSA-2012:1306", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" + }, + { + "name": "HPSBOV02793", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134039053214295&w=2" + }, + { + "name": "57353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57353" + }, + { + "name": "HPSBUX02782", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728068926468&w=2" + }, + { + "name": "SSRT100891", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134039053214295&w=2" + }, + { + "name": "SSRT100852", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133951357207000&w=2" + }, + { + "name": "SSRT100729", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750648501816&w=2" + }, + { + "name": "SSRT100877", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" + }, + { + "name": "DSA-2390", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2390" + }, + { + "name": "HPSBMU02776", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133951357207000&w=2" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" + }, + { + "name": "SSRT100844", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728068926468&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4936.json b/2011/4xxx/CVE-2011-4936.json index c2f5f4094b4..70bfd53e202 100644 --- a/2011/4xxx/CVE-2011-4936.json +++ b/2011/4xxx/CVE-2011-4936.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4936", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0822. Reason: This candidate is a reservation duplicate of CVE-2012-0822. Notes: All CVE users should reference CVE-2012-0822 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4936", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0822. Reason: This candidate is a reservation duplicate of CVE-2012-0822. Notes: All CVE users should reference CVE-2012-0822 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5383.json b/2013/5xxx/CVE-2013-5383.json index 436f17d5a68..15cc4d24757 100644 --- a/2013/5xxx/CVE-2013-5383.json +++ b/2013/5xxx/CVE-2013-5383.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" - }, - { - "name" : "IV40704", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40704" - }, - { - "name" : "55068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55068" - }, - { - "name" : "55070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55070" - }, - { - "name" : "maximo-cve20135383-priv-esc(86934)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86934" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55070" + }, + { + "name": "IV40704", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV40704" + }, + { + "name": "55068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55068" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" + }, + { + "name": "maximo-cve20135383-priv-esc(86934)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86934" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5571.json b/2013/5xxx/CVE-2013-5571.json index c451a6064fd..e52620f3ab8 100644 --- a/2013/5xxx/CVE-2013-5571.json +++ b/2013/5xxx/CVE-2013-5571.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5571", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5571", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2011.json b/2014/2xxx/CVE-2014-2011.json index da5b5c9827c..160392fcbad 100644 --- a/2014/2xxx/CVE-2014-2011.json +++ b/2014/2xxx/CVE-2014-2011.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2011", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2011", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2133.json b/2014/2xxx/CVE-2014-2133.json index e1a81cb7a1f..909563d88b5 100644 --- a/2014/2xxx/CVE-2014-2133.json +++ b/2014/2xxx/CVE-2014-2133.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140507 Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140507 Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2274.json b/2014/2xxx/CVE-2014-2274.json index 067ee3c4fb5..1cf8289ec8c 100644 --- a/2014/2xxx/CVE-2014-2274.json +++ b/2014/2xxx/CVE-2014-2274.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.dxw.com/advisories/stored-xss-and-csrf-vulnerabilities-in-subscribe-to-comments-reloaded-140129/", - "refsource" : "MISC", - "url" : "https://security.dxw.com/advisories/stored-xss-and-csrf-vulnerabilities-in-subscribe-to-comments-reloaded-140129/" - }, - { - "name" : "https://wordpress.org/plugins/subscribe-to-comments-reloaded/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/subscribe-to-comments-reloaded/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/subscribe-to-comments-reloaded/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/subscribe-to-comments-reloaded/#developers" + }, + { + "name": "https://security.dxw.com/advisories/stored-xss-and-csrf-vulnerabilities-in-subscribe-to-comments-reloaded-140129/", + "refsource": "MISC", + "url": "https://security.dxw.com/advisories/stored-xss-and-csrf-vulnerabilities-in-subscribe-to-comments-reloaded-140129/" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2356.json b/2014/2xxx/CVE-2014-2356.json index aa398d19e09..864cac74967 100644 --- a/2014/2xxx/CVE-2014-2356.json +++ b/2014/2xxx/CVE-2014-2356.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-2356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2475.json b/2014/2xxx/CVE-2014-2475.json index 9862b151e9a..9dba6fec502 100644 --- a/2014/2xxx/CVE-2014-2475.json +++ b/2014/2xxx/CVE-2014-2475.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "1031034", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "1031034", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031034" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2554.json b/2014/2xxx/CVE-2014-2554.json index 412cceb717b..63b7cd95600 100644 --- a/2014/2xxx/CVE-2014-2554.json +++ b/2014/2xxx/CVE-2014-2554.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/", - "refsource" : "CONFIRM", - "url" : "http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/" - }, - { - "name" : "openSUSE-SU-2014:0561", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/", + "refsource": "CONFIRM", + "url": "http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/" + }, + { + "name": "openSUSE-SU-2014:0561", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6207.json b/2014/6xxx/CVE-2014-6207.json index d69bd01c70b..d29403a4596 100644 --- a/2014/6xxx/CVE-2014-6207.json +++ b/2014/6xxx/CVE-2014-6207.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6207", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6207", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6341.json b/2014/6xxx/CVE-2014-6341.json index d2a0b8aa5fe..8c8287e39e9 100644 --- a/2014/6xxx/CVE-2014-6341.json +++ b/2014/6xxx/CVE-2014-6341.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4143." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-6341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-065", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065" - }, - { - "name" : "70338", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70338" - }, - { - "name" : "1031185", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4143." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031185", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031185" + }, + { + "name": "70338", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70338" + }, + { + "name": "MS14-065", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6353.json b/2014/6xxx/CVE-2014-6353.json index cd52ef50a9c..5c6926ff44e 100644 --- a/2014/6xxx/CVE-2014-6353.json +++ b/2014/6xxx/CVE-2014-6353.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-6353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-065", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065" - }, - { - "name" : "70333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70333" - }, - { - "name" : "1031185", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031185", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031185" + }, + { + "name": "MS14-065", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065" + }, + { + "name": "70333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70333" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6858.json b/2014/6xxx/CVE-2014-6858.json index fb550f0fe89..b128c6ebcc2 100644 --- a/2014/6xxx/CVE-2014-6858.json +++ b/2014/6xxx/CVE-2014-6858.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mostafa Shemeas (aka com.mostafa.shemeas.website) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#873337", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/873337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mostafa Shemeas (aka com.mostafa.shemeas.website) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#873337", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/873337" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7388.json b/2014/7xxx/CVE-2014-7388.json index edaf20e10d7..a2b0b45b197 100644 --- a/2014/7xxx/CVE-2014-7388.json +++ b/2014/7xxx/CVE-2014-7388.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sunday Indian Oriya (aka com.magzter.thesundayindianoriya) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#542633", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/542633" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sunday Indian Oriya (aka com.magzter.thesundayindianoriya) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#542633", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/542633" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7679.json b/2014/7xxx/CVE-2014-7679.json index 96340290e5d..e2da1463db1 100644 --- a/2014/7xxx/CVE-2014-7679.json +++ b/2014/7xxx/CVE-2014-7679.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7679", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7679", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7728.json b/2014/7xxx/CVE-2014-7728.json index 8ae63d87f33..87f7b155162 100644 --- a/2014/7xxx/CVE-2014-7728.json +++ b/2014/7xxx/CVE-2014-7728.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) application 1.0010.b0010 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#149537", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/149537" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) application 1.0010.b0010 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#149537", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/149537" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7748.json b/2014/7xxx/CVE-2014-7748.json index 314806afa02..0c372bbe525 100644 --- a/2014/7xxx/CVE-2014-7748.json +++ b/2014/7xxx/CVE-2014-7748.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Garip Ve Ilginc Olaylar (aka com.wGaripveeIlgincOlay) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#283297", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/283297" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Garip Ve Ilginc Olaylar (aka com.wGaripveeIlgincOlay) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#283297", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/283297" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7834.json b/2014/7xxx/CVE-2014-7834.json index 694f6d39aaa..f32683c0202 100644 --- a/2014/7xxx/CVE-2014-7834.json +++ b/2014/7xxx/CVE-2014-7834.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141117 Moodle security issues are now public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/11/17/11" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45303", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45303" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=275159", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=275159" - }, - { - "name" : "1031215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031215" + }, + { + "name": "[oss-security] 20141117 Moodle security issues are now public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/11/17/11" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=275159", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=275159" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45303", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45303" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0111.json b/2017/0xxx/CVE-2017-0111.json index bd9f5f0396d..d862ce3e01b 100644 --- a/2017/0xxx/CVE-2017-0111.json +++ b/2017/0xxx/CVE-2017-0111.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Uniscribe", - "version" : { - "version_data" : [ - { - "version_value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Uniscribe", + "version": { + "version_data": [ + { + "version_value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41655", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41655/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0111", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0111" - }, - { - "name" : "96658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96658" - }, - { - "name" : "1037992", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96658" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0111", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0111" + }, + { + "name": "1037992", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037992" + }, + { + "name": "41655", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41655/" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0121.json b/2017/0xxx/CVE-2017-0121.json index 074a2ab14f3..ce084c5b575 100644 --- a/2017/0xxx/CVE-2017-0121.json +++ b/2017/0xxx/CVE-2017-0121.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Uniscribe", - "version" : { - "version_data" : [ - { - "version_value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Uniscribe", + "version": { + "version_data": [ + { + "version_value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41655", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41655/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0121", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0121" - }, - { - "name" : "96678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96678" - }, - { - "name" : "1037992", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96678" + }, + { + "name": "1037992", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037992" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0121", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0121" + }, + { + "name": "41655", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41655/" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0267.json b/2017/0xxx/CVE-2017-0267.json index 8b6ece1a239..6e12b8728ef 100644 --- a/2017/0xxx/CVE-2017-0267.json +++ b/2017/0xxx/CVE-2017-0267.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Server Message Block 1.0", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Server Message Block 1.0", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0267", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0267" - }, - { - "name" : "98259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98259" - }, - { - "name" : "1038432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98259" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0267", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0267" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + }, + { + "name": "1038432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038432" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0283.json b/2017/0xxx/CVE-2017-0283.json index f01884eccb1..fd2e191876e 100644 --- a/2017/0xxx/CVE-2017-0283.json +++ b/2017/0xxx/CVE-2017-0283.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Uniscribe", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Uniscribe Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8528." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Uniscribe", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42234", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42234/" - }, - { - "name" : "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html", - "refsource" : "MISC", - "url" : "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283" - }, - { - "name" : "98920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98920" - }, - { - "name" : "1038675", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Uniscribe Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8528." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42234", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42234/" + }, + { + "name": "1038675", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038675" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198" + }, + { + "name": "98920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98920" + }, + { + "name": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html", + "refsource": "MISC", + "url": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0534.json b/2017/0xxx/CVE-2017-0534.json index deffcdbb566..7da63ceaa77 100644 --- a/2017/0xxx/CVE-2017-0534.json +++ b/2017/0xxx/CVE-2017-0534.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32508732. References: QC-CR#1088206." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" - }, - { - "name" : "96734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96734" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32508732. References: QC-CR#1088206." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96734" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18090.json b/2017/18xxx/CVE-2017-18090.json index c0d36e752c8..feec6d205d6 100644 --- a/2017/18xxx/CVE-2017-18090.json +++ b/2017/18xxx/CVE-2017-18090.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-02-16T00:00:00", - "ID" : "CVE-2017-18090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fisheye", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 4.5.1" - }, - { - "version_value" : "prior to 4.6.0" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-02-16T00:00:00", + "ID": "CVE-2017-18090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fisheye", + "version": { + "version_data": [ + { + "version_value": "prior to 4.5.1" + }, + { + "version_value": "prior to 4.6.0" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/FE-7000", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/FE-7000" - }, - { - "name" : "103076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/FE-7000", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/FE-7000" + }, + { + "name": "103076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103076" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1141.json b/2017/1xxx/CVE-2017-1141.json index e915dd38779..fa305d77060 100644 --- a/2017/1xxx/CVE-2017-1141.json +++ b/2017/1xxx/CVE-2017-1141.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IBM Insights Foundation for Energy", - "version" : { - "version_data" : [ - { - "version_value" : "1.0, 1.5, 1.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IBM Insights Foundation for Energy", + "version": { + "version_data": [ + { + "version_value": "1.0, 1.5, 1.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22002620", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22002620" - }, - { - "name" : "98161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22002620", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22002620" + }, + { + "name": "98161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98161" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1525.json b/2017/1xxx/CVE-2017-1525.json index 0c2c8afdb75..ffa3975dee9 100644 --- a/2017/1xxx/CVE-2017-1525.json +++ b/2017/1xxx/CVE-2017-1525.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1525", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1525", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1535.json b/2017/1xxx/CVE-2017-1535.json index 893bbe496bc..b5254268ec8 100644 --- a/2017/1xxx/CVE-2017-1535.json +++ b/2017/1xxx/CVE-2017-1535.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-25T00:00:00", - "ID" : "CVE-2017-1535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cognos Analytics", - "version" : { - "version_data" : [ - { - "version_value" : "11.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-25T00:00:00", + "ID": "CVE-2017-1535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cognos Analytics", + "version": { + "version_data": [ + { + "version_value": "11.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130677", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130677" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22007242", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22007242" - }, - { - "name" : "100834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130677", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130677" + }, + { + "name": "100834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100834" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22007242", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22007242" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5162.json b/2017/5xxx/CVE-2017-5162.json index 0c0900dc9d9..c55b2011bfe 100644 --- a/2017/5xxx/CVE-2017-5162.json +++ b/2017/5xxx/CVE-2017-5162.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-5162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BINOM3 Electric Power Quality Meter", - "version" : { - "version_data" : [ - { - "version_value" : "BINOM3 Electric Power Quality Meter" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "BINOM3 Electric Power Quality Meter Lack of authentication" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-5162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BINOM3 Electric Power Quality Meter", + "version": { + "version_data": [ + { + "version_value": "BINOM3 Electric Power Quality Meter" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A" - }, - { - "name" : "93028", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "BINOM3 Electric Power Quality Meter Lack of authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A" + }, + { + "name": "93028", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93028" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5173.json b/2017/5xxx/CVE-2017-5173.json index 82cdda16736..753958b4f55 100644 --- a/2017/5xxx/CVE-2017-5173.json +++ b/2017/5xxx/CVE-2017-5173.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-5173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Geutebruck IP Cameras", - "version" : { - "version_data" : [ - { - "version_value" : "Geutebruck IP Cameras" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-78" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-5173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Geutebruck IP Cameras", + "version": { + "version_data": [ + { + "version_value": "Geutebruck IP Cameras" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41360", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41360/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02" - }, - { - "name" : "96209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96209" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02" + }, + { + "name": "41360", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41360/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5204.json b/2017/5xxx/CVE-2017-5204.json index 9adcf5d48cc..39981847373 100644 --- a/2017/5xxx/CVE-2017-5204.json +++ b/2017/5xxx/CVE-2017-5204.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5633.json b/2017/5xxx/CVE-2017-5633.json index fda50130985..dc6b873179e 100644 --- a/2017/5xxx/CVE-2017-5633.json +++ b/2017/5xxx/CVE-2017-5633.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Feb/70", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Feb/70" - }, - { - "name" : "96475", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96475", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96475" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Feb/70", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Feb/70" + } + ] + } +} \ No newline at end of file