From 21f157dde1c6111bbb1a187a855d3e7f329d80db Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 23:30:57 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/2xxx/CVE-2006-2677.json | 140 ++--
2006/2xxx/CVE-2006-2705.json | 170 ++---
2006/3xxx/CVE-2006-3192.json | 190 ++---
2006/3xxx/CVE-2006-3294.json | 170 ++---
2006/3xxx/CVE-2006-3330.json | 190 ++---
2006/3xxx/CVE-2006-3733.json | 210 +++---
2006/6xxx/CVE-2006-6012.json | 130 ++--
2006/6xxx/CVE-2006-6325.json | 34 +-
2006/6xxx/CVE-2006-6396.json | 150 ++--
2006/6xxx/CVE-2006-6537.json | 160 ++--
2006/6xxx/CVE-2006-6754.json | 170 ++---
2010/2xxx/CVE-2010-2781.json | 34 +-
2011/0xxx/CVE-2011-0722.json | 200 ++---
2011/0xxx/CVE-2011-0757.json | 230 +++---
2011/0xxx/CVE-2011-0914.json | 140 ++--
2011/1xxx/CVE-2011-1071.json | 360 ++++-----
2011/1xxx/CVE-2011-1739.json | 170 ++---
2011/3xxx/CVE-2011-3393.json | 130 ++--
2011/3xxx/CVE-2011-3881.json | 260 +++----
2011/4xxx/CVE-2011-4103.json | 160 ++--
2011/4xxx/CVE-2011-4346.json | 160 ++--
2011/4xxx/CVE-2011-4644.json | 140 ++--
2011/5xxx/CVE-2011-5296.json | 120 +--
2013/5xxx/CVE-2013-5468.json | 130 ++--
2013/5xxx/CVE-2013-5663.json | 150 ++--
2014/2xxx/CVE-2014-2604.json | 140 ++--
2014/3xxx/CVE-2014-3443.json | 130 ++--
2014/6xxx/CVE-2014-6278.json | 1250 ++++++++++++++++----------------
2014/6xxx/CVE-2014-6737.json | 140 ++--
2014/6xxx/CVE-2014-6774.json | 140 ++--
2014/7xxx/CVE-2014-7018.json | 140 ++--
2014/7xxx/CVE-2014-7103.json | 140 ++--
2014/7xxx/CVE-2014-7437.json | 140 ++--
2014/7xxx/CVE-2014-7994.json | 130 ++--
2017/0xxx/CVE-2017-0008.json | 140 ++--
2017/0xxx/CVE-2017-0790.json | 132 ++--
2017/18xxx/CVE-2017-18242.json | 120 +--
2017/18xxx/CVE-2017-18357.json | 130 ++--
2017/1xxx/CVE-2017-1220.json | 140 ++--
2017/1xxx/CVE-2017-1260.json | 34 +-
2017/1xxx/CVE-2017-1288.json | 34 +-
2017/1xxx/CVE-2017-1710.json | 152 ++--
2017/1xxx/CVE-2017-1717.json | 288 ++++----
2017/5xxx/CVE-2017-5099.json | 170 ++---
2017/5xxx/CVE-2017-5590.json | 170 ++---
2017/5xxx/CVE-2017-5635.json | 148 ++--
2017/5xxx/CVE-2017-5710.json | 172 ++---
2017/5xxx/CVE-2017-5790.json | 142 ++--
48 files changed, 4210 insertions(+), 4210 deletions(-)
diff --git a/2006/2xxx/CVE-2006-2677.json b/2006/2xxx/CVE-2006-2677.json
index fb9a2c3f10c..b2706d6b182 100644
--- a/2006/2xxx/CVE-2006-2677.json
+++ b/2006/2xxx/CVE-2006-2677.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en", - "refsource" : "MISC", - "url" : "http://www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en" - }, - { - "name" : "20266", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20266" - }, - { - "name" : "sitescapeforum-avf-path-disclosure(26671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with 
insufficient access control, which allows remote attackers to obtain sensitive path information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en", + "refsource": "MISC", + "url": "http://www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en" + }, + { + "name": "20266", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20266" + }, + { + "name": "sitescapeforum-avf-path-disclosure(26671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26671" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2705.json b/2006/2xxx/CVE-2006-2705.json index c3ed6823552..e4e5e683aa9 100644 --- a/2006/2xxx/CVE-2006-2705.json +++ b/2006/2xxx/CVE-2006-2705.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause an unspecified denial of service via a large number of forged client registration messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/WDON-6QANQU", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/WDON-6QANQU" - }, - { - "name" : "VU#207161", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/207161" - }, - { - "name" : "ADV-2006-2069", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2069" - }, - { - "name" : "1016184", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016184" - }, - { - "name" : "20378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20378" - }, - { - "name" : "c5evm-registration-message-dos(26742)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26742" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause an unspecified denial of service via a large number of forged client registration messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20378" + }, + { + "name": "http://www.kb.cert.org/vuls/id/WDON-6QANQU", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/WDON-6QANQU" + }, + { + "name": "c5evm-registration-message-dos(26742)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26742" + }, + { + "name": "ADV-2006-2069", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2069" + }, + { + "name": "1016184", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016184" + }, + { + "name": "VU#207161", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/207161" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3192.json b/2006/3xxx/CVE-2006-3192.json index 4e9bc715186..4a4852ce857 100644 --- a/2006/3xxx/CVE-2006-3192.json +++ b/2006/3xxx/CVE-2006-3192.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows remote attackers to execute arbitrary PHP code via a URL in the (1) ipath parameter in common.php and (2) unspecified vectors in ad.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1923", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1923" - }, - { - "name" : "http://phpwebscripts.com/forum/viewtopic.php?t=1640", - "refsource" : "MISC", - "url" : "http://phpwebscripts.com/forum/viewtopic.php?t=1640" - }, - { - "name" : "18558", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18558" - }, - { - "name" : "ADV-2006-2447", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2447" - }, - { - "name" : "26674", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26674" - }, - { - "name" : "26673", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26673" - }, - { - "name" : "20744", - "refsource" : "SECUNIA", 
- "url" : "http://secunia.com/advisories/20744" - }, - { - "name" : "admanagerpro-common-ad-file-include(27523)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows remote attackers to execute arbitrary PHP code via a URL in the (1) ipath parameter in common.php and (2) unspecified vectors in ad.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2447", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2447" + }, + { + "name": "admanagerpro-common-ad-file-include(27523)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27523" + }, + { + "name": "18558", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18558" + }, + { + "name": "http://phpwebscripts.com/forum/viewtopic.php?t=1640", + "refsource": "MISC", + "url": "http://phpwebscripts.com/forum/viewtopic.php?t=1640" + }, + { + "name": "26673", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26673" + }, + { + "name": "20744", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20744" + }, + { + "name": "1923", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1923" + }, + { + "name": "26674", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26674" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3294.json b/2006/3xxx/CVE-2006-3294.json index f51bd0465d7..41499410fc6 100644 --- a/2006/3xxx/CVE-2006-3294.json +++ b/2006/3xxx/CVE-2006-3294.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1955", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1955" - }, - { - "name" : "18660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18660" - }, - { - "name" : "ADV-2006-2528", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2528" - }, - { - "name" : "26862", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26862" - }, - { - "name" : "20823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20823" - }, - { - "name" : "cbsms-multiple-scripts-file-include(27374)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27374" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cbsms-multiple-scripts-file-include(27374)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27374" + }, + { + "name": "26862", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26862" + }, + { + "name": "18660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18660" + }, + { + "name": "1955", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1955" + }, + { + "name": "ADV-2006-2528", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2528" + }, + { + "name": "20823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20823" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3330.json b/2006/3xxx/CVE-2006-3330.json index 1e432e6c4ea..33e41aa17f6 100644 --- a/2006/3xxx/CVE-2006-3330.json +++ b/2006/3xxx/CVE-2006-3330.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName (\"Title\" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060628 PHPClassifieds General", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438667/100/0/threaded" - }, - { - "name" : "18717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18717" - }, - { - "name" : "18713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18713" - }, - { - "name" : "ADV-2006-2589", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2589" - }, - { - "name" : "1016407", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016407" - }, - { - "name" : "20880", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/20880" - }, - { - "name" : "1179", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1179" - }, - { - "name" : "phpclassifieds-postingad-xss(27454)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName (\"Title\" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18717" + }, + { + "name": "20880", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20880" + }, + { + "name": "phpclassifieds-postingad-xss(27454)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27454" + }, + { + "name": "18713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18713" + }, + { + "name": "20060628 PHPClassifieds General", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438667/100/0/threaded" + }, + { + "name": "ADV-2006-2589", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2589" + }, + { + "name": "1016407", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016407" + }, + { + "name": "1179", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1179" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/3xxx/CVE-2006-3733.json b/2006/3xxx/CVE-2006-3733.json index d90bd0e9a55..1af9b55c7a9 100644 --- a/2006/3xxx/CVE-2006-3733.json +++ b/2006/3xxx/CVE-2006-3733.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060720 Cisco MARS < 4.2.1 remote compromise", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440641/100/100/threaded" - }, - { - "name" : "20060720 Cisco MARS < 4.2.1 remote compromise", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html" - }, - { - "name" : "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml" - }, - { - 
"name" : "19071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19071" - }, - { - "name" : "19075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19075" - }, - { - "name" : "ADV-2006-2887", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2887" - }, - { - "name" : "27419", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27419" - }, - { - "name" : "1016537", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016537" - }, - { - "name" : "21118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21118" - }, - { - "name" : "cisco-jboss-command-execution(27811)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19071" + }, + { + "name": "cisco-jboss-command-execution(27811)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811" + }, + { + "name": "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml" + }, + { + "name": "21118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21118" + }, + { + "name": "20060720 Cisco MARS < 4.2.1 remote compromise", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html" + }, + { + "name": "ADV-2006-2887", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2887" + }, + { + "name": "19075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19075" + }, + { + "name": "20060720 Cisco MARS < 4.2.1 remote compromise", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded" + }, + { + "name": "27419", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27419" + }, + { + "name": "1016537", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016537" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6012.json b/2006/6xxx/CVE-2006-6012.json index 973c96b9049..ee40ca891f3 100644 --- a/2006/6xxx/CVE-2006-6012.json +++ b/2006/6xxx/CVE-2006-6012.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-4532", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4532" - }, - { - "name" : "carsitemanager-listings-xss(30274)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4532", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4532" + }, + { + "name": "carsitemanager-listings-xss(30274)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30274" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6325.json b/2006/6xxx/CVE-2006-6325.json index 09666232bda..23773934e5d 100644 --- a/2006/6xxx/CVE-2006-6325.json +++ b/2006/6xxx/CVE-2006-6325.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6325", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6325", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6396.json b/2006/6xxx/CVE-2006-6396.json index 374c324c498..f24031dabab 100644 --- a/2006/6xxx/CVE-2006-6396.json 
+++ b/2006/6xxx/CVE-2006-6396.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist, a different product than CVE-2006-6199. NOTE: it was later reported that 3.5 is also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2880", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2880" - }, - { - "name" : "21399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21399" - }, - { - "name" : "30442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30442" - }, - { - "name" : "23192", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and possibly earlier, allows 
remote attackers to execute arbitrary code via a long filename in a PLF playlist, a different product than CVE-2006-6199. NOTE: it was later reported that 3.5 is also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2880", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2880" + }, + { + "name": "23192", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23192" + }, + { + "name": "30442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30442" + }, + { + "name": "21399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21399" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6537.json b/2006/6xxx/CVE-2006-6537.json index 6726da985d1..0bd713b166f 100644 --- a/2006/6xxx/CVE-2006-6537.json +++ b/2006/6xxx/CVE-2006-6537.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061211 Unauthenticated access to IBM Host On-Demand administration pages", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454050/100/0/threaded" - }, - { - "name" : "ADV-2006-4943", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4943" - }, - { - "name" : "22652", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22652" - }, - { - "name" : "2030", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2030" - }, - { - "name" : "websphere-pnl-authentication-bypass(30826)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30826" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "websphere-pnl-authentication-bypass(30826)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30826" + }, + { + "name": "22652", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22652" + }, + { + "name": "20061211 Unauthenticated access to IBM Host On-Demand administration pages", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454050/100/0/threaded" + }, + { + "name": "2030", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2030" + }, + { + "name": "ADV-2006-4943", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4943" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6754.json b/2006/6xxx/CVE-2006-6754.json index 19e8ead68c3..3d297421f22 100644 --- a/2006/6xxx/CVE-2006-6754.json +++ b/2006/6xxx/CVE-2006-6754.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote attackers to execute arbitrary SQL commands via the story_id parameter to ixm_ixpnews.php, and unspecified other vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061221 Ixprim CMS 1.2 Remote Blind SQL Injection Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455084/100/0/threaded" - }, - { - "name" : "http://acid-root.new.fr/poc/16061221.txt", - "refsource" : "MISC", - "url" : "http://acid-root.new.fr/poc/16061221.txt" - }, - { - "name" : "21710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21710" - }, - { - "name" : "ADV-2006-5133", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5133" - }, - { - "name" : "23453", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23453" - }, - { - "name" : "2073", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/2073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote attackers to execute arbitrary SQL commands via the story_id parameter to ixm_ixpnews.php, and unspecified other vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061221 Ixprim CMS 1.2 Remote Blind SQL Injection Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455084/100/0/threaded" + }, + { + "name": "ADV-2006-5133", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5133" + }, + { + "name": "21710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21710" + }, + { + "name": "23453", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23453" + }, + { + "name": "http://acid-root.new.fr/poc/16061221.txt", + "refsource": "MISC", + "url": "http://acid-root.new.fr/poc/16061221.txt" + }, + { + "name": "2073", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2073" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2781.json b/2010/2xxx/CVE-2010-2781.json index fb4c00a8079..0a39fa6cd91 100644 --- a/2010/2xxx/CVE-2010-2781.json +++ b/2010/2xxx/CVE-2010-2781.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2781", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2781", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0722.json b/2011/0xxx/CVE-2011-0722.json index bfe14a47741..e986e6a1907 100644 --- a/2011/0xxx/CVE-2011-0722.json +++ b/2011/0xxx/CVE-2011-0722.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2011-0722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ffmpeg.mplayerhq.hu/", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.mplayerhq.hu/" - }, - { - "name" : "DSA-2306", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2306" - }, - { - "name" : "MDVSA-2011:061", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" - }, - { - "name" : "MDVSA-2011:062", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062" - }, - { - "name" : "MDVSA-2011:089", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089" - }, - { - "name" : "MDVSA-2011:114", - "refsource" : 
"MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114" - }, - { - "name" : "USN-1104-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-1104-1/" - }, - { - "name" : "47149", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47149" - }, - { - "name" : "ADV-2011-1241", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2306", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2306" + }, + { + "name": "MDVSA-2011:061", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" + }, + { + "name": "MDVSA-2011:062", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062" + }, + { + "name": "MDVSA-2011:114", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114" + }, + { + "name": "USN-1104-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-1104-1/" + }, + { + "name": "MDVSA-2011:089", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089" + }, + { + "name": "http://ffmpeg.mplayerhq.hu/", + "refsource": "CONFIRM", + "url": "http://ffmpeg.mplayerhq.hu/" + }, + { + "name": "ADV-2011-1241", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2011/1241" + }, + { + "name": "47149", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47149" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0757.json b/2011/0xxx/CVE-2011-0757.json index 63b5e1fe92c..87b4e2ff716 100644 --- a/2011/0xxx/CVE-2011-0757.json +++ b/2011/0xxx/CVE-2011-0757.json 
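Review bot: The `ASSIGNER` value in the CVE-2011-0722 hunk changes from `cve@mitre.org` to `security@ubuntu.com`, but the change sits inside a whole-file re-indentation and a reordered `reference_data` array, so a line-based review cannot easily separate the one semantic edit from formatting churn. The same pattern is visible in the CVE-2011-1071 hunk (`secalert@redhat.com`) and the CVE-2011-1739 hunk (`secteam@freebsd.org`). Anyone auditing assigner attribution across this commit should compare the parsed JSON of the old and new sides rather than the text, and the generator would ideally emit `reference_data` in a stable order so that later synchronizations show only real changes. The new side also ends with `\ No newline at end of file`; writing a newline after the closing `}` would keep subsequent diffs free of that marker.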
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21426108", - "refsource" : 
"CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21426108" - }, - { - "name" : "IC66811", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IC66811" - }, - { - "name" : "IC66814", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IC66814" - }, - { - "name" : "IC66815", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IC66815" - }, - { - "name" : "46064", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46064" - }, - { - "name" : "70773", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70773" - }, - { - "name" : "oval:org.mitre.oval:def:14295", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295" - }, - { - "name" : "43148", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43148" - }, - { - "name" : "ibm-db2-dbadm-priv-esc(65008)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815" + }, + { + "name": "IC66814", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66814" + }, + { + "name": "43148", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43148" + }, + { + "name": "IC66815", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66815" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21426108", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21426108" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814" + }, + { + "name": "70773", + "refsource": "OSVDB", + "url": "http://osvdb.org/70773" + }, + { + "name": "oval:org.mitre.oval:def:14295", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14295" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811" + }, + { + "name": "ibm-db2-dbadm-priv-esc(65008)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65008" + }, + { + "name": "46064", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46064" + }, + { + "name": "IC66811", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC66811" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/0xxx/CVE-2011-0914.json b/2011/0xxx/CVE-2011-0914.json index afc30bc3c76..d0072a39702 100644 --- a/2011/0xxx/CVE-2011-0914.json +++ b/2011/0xxx/CVE-2011-0914.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-052/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-052/" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21461514", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21461514" - }, - { - "name" : "43208", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus 
Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43208", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43208" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-052/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-052/" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1071.json b/2011/1xxx/CVE-2011-1071.json index eead574b56d..428cc920e9d 100644 --- a/2011/1xxx/CVE-2011-1071.json +++ b/2011/1xxx/CVE-2011-1071.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a \"stack extension attack,\" a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "20110224 glibc and alloca()", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2011/Feb/635" - }, - { - "name" : "20110226 Re: glibc and alloca()", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2011/Feb/644" - }, - { - "name" : 
"[oss-security] 20110228 Re: cve request: eglibc memory corruption", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/28/11" - }, - { - "name" : "[oss-security] 20110228 Re: cve request: eglibc memory corruption", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/28/15" - }, - { - "name" : "[oss-security] 20110228 cve request: eglibc memory corruption", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/26/3" - }, - { - "name" : "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html" - }, - { - "name" : "http://bugs.debian.org/615120", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/615120" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=48733", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=48733" - }, - { - "name" : "http://sourceware.org/bugzilla/show_bug.cgi?id=11883", - "refsource" : "CONFIRM", - "url" : "http://sourceware.org/bugzilla/show_bug.cgi?id=11883" - }, - { - "name" : "http://sourceware.org/git/?p=glibc.git;a=commit;h=f15ce4d8dc139523fe0c273580b604b2453acba6", - "refsource" : "CONFIRM", - "url" : "http://sourceware.org/git/?p=glibc.git;a=commit;h=f15ce4d8dc139523fe0c273580b604b2453acba6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=681054", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=681054" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "MDVSA-2011:178", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178" - }, - { - "name" : "RHSA-2011:0412", - 
"refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0412.html" - }, - { - "name" : "RHSA-2011:0413", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0413.html" - }, - { - "name" : "46563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46563" - }, - { - "name" : "oval:org.mitre.oval:def:12853", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853" - }, - { - "name" : "1025290", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025290" - }, - { - "name" : "43492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43492" - }, - { - "name" : "43830", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43830" - }, - { - "name" : "43989", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43989" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - }, - { - "name" : "8175", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8175" - }, - { - "name" : "ADV-2011-0863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a \"stack extension attack,\" a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46563" + }, + { + "name": "8175", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8175" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=681054", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681054" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "RHSA-2011:0412", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0412.html" + }, + { + "name": "ADV-2011-0863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0863" + }, + { + "name": "http://bugs.debian.org/615120", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/615120" + }, + { + "name": "43989", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43989" + }, + { + "name": "1025290", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025290" + }, + { + "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=11883", + "refsource": "CONFIRM", + "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=11883" + }, + { + "name": "43492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43492" + }, + { + "name": "[oss-security] 20110228 cve request: eglibc memory corruption", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/26/3" + }, + { + "name": "oval:org.mitre.oval:def:12853", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853" + }, + { + "name": "[oss-security] 20110228 Re: cve request: eglibc memory corruption", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/28/11" + }, + { + "name": "20110224 glibc and alloca()", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2011/Feb/635" + }, + { + "name": "20110226 Re: glibc and alloca()", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2011/Feb/644" + }, + { + "name": "MDVSA-2011:178", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178" + }, + { + "name": "43830", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43830" + }, + { + "name": "http://sourceware.org/git/?p=glibc.git;a=commit;h=f15ce4d8dc139523fe0c273580b604b2453acba6", + "refsource": "CONFIRM", + "url": "http://sourceware.org/git/?p=glibc.git;a=commit;h=f15ce4d8dc139523fe0c273580b604b2453acba6" + }, + { + "name": "RHSA-2011:0413", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0413.html" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "[oss-security] 20110228 Re: cve request: eglibc memory corruption", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/28/15" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=48733", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=48733" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/1xxx/CVE-2011-1739.json b/2011/1xxx/CVE-2011-1739.json index bc1521be752..87c31e1df90 100644 --- a/2011/1xxx/CVE-2011-1739.json +++ b/2011/1xxx/CVE-2011-1739.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2011-1739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-11:01", - "refsource" : "FREEBSD", - "url" : "http://security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc" - }, - { - "name" : "47517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47517" - }, - { - "name" : "1025425", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025425" - }, - { - "name" : "44307", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44307" - }, - { - "name" : "ADV-2011-1076", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1076" - }, - { - "name" : 
"freebsd-mountd-security-bypass(66981)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-1076", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1076" + }, + { + "name": "FreeBSD-SA-11:01", + "refsource": "FREEBSD", + "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc" + }, + { + "name": "47517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47517" + }, + { + "name": "freebsd-mountd-security-bypass(66981)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66981" + }, + { + "name": "1025425", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025425" + }, + { + "name": "44307", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44307" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3393.json b/2011/3xxx/CVE-2011-3393.json index 74408ac95b6..4531c0633df 100644 --- a/2011/3xxx/CVE-2011-3393.json +++ b/2011/3xxx/CVE-2011-3393.json 
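Review bot: The new side of CVE-2011-1739.json ends without a final newline (`\ No newline at end of file` after the closing `}`). The one data change in this hunk, `"ASSIGNER": "secteam@freebsd.org"` replacing `cve@mitre.org`, is buried under a whole-file re-indent and a reshuffle of `reference_data`, whose six entries appear otherwise identical. Writing the file with a newline after the last `}` and emitting `reference_data` in a stable order (for example sorted by `refsource`, then `name`) would leave the ASSIGNER line as the only changed line. The other file sections in this chunk, CVE-2011-3393 through CVE-2014-2604, show the same pattern. Anyone tracking these records for changes should compare the parsed JSON, not the text diff.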
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1 parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secpod.org/advisories/SECPOD_MRS_SQL_XSS_Vuln.txt", - "refsource" : "MISC", - "url" : "http://secpod.org/advisories/SECPOD_MRS_SQL_XSS_Vuln.txt" - }, - { - "name" : "8376", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1 parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secpod.org/advisories/SECPOD_MRS_SQL_XSS_Vuln.txt", + "refsource": "MISC", + "url": "http://secpod.org/advisories/SECPOD_MRS_SQL_XSS_Vuln.txt" + }, + { + "name": "8376", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8376" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3881.json b/2011/3xxx/CVE-2011-3881.json index 0449938fe90..41cc63ce769 100644 --- a/2011/3xxx/CVE-2011-3881.json +++ b/2011/3xxx/CVE-2011-3881.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html", - "refsource" : "MISC", - "url" : "http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=96047", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=96047" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=96885", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=96885" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=98053", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=98053" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=99512", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=99512" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=99750", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=99750" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" - }, - { - "name" : "https://android.googlesource.com/platform/external/webkit/+/109d59bf6fe4abfd001fc60ddd403f1046b117ef", - "refsource" : "CONFIRM", 
- "url" : "https://android.googlesource.com/platform/external/webkit/+/109d59bf6fe4abfd001fc60ddd403f1046b117ef" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:12940", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12940" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "google-chrome-security-bypass(70959)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html", + "refsource": "MISC", + "url": "http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=98053", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=98053" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=96885", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=96885" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=96047", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=96047" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=99750", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=99750" + }, + { + "name": "google-chrome-security-bypass(70959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70959" + }, + { + "name": "https://android.googlesource.com/platform/external/webkit/+/109d59bf6fe4abfd001fc60ddd403f1046b117ef", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/webkit/+/109d59bf6fe4abfd001fc60ddd403f1046b117ef" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=99512", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=99512" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "oval:org.mitre.oval:def:12940", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12940" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4103.json b/2011/4xxx/CVE-2011-4103.json index 6d298f3b543..baceca726d3 100644 --- a/2011/4xxx/CVE-2011-4103.json +++ b/2011/4xxx/CVE-2011-4103.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111101 Re: CVE request for Django-piston and Tastypie", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/01/10" - }, - { - "name" : "https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/", - "refsource" : "MISC", - "url" : "https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/" - }, - { - "name" : "https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/", - "refsource" : "CONFIRM", - "url" : "https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=750658", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=750658" - }, - { - "name" : "DSA-2344", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=750658", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750658" + }, + { + "name": "https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/", + "refsource": "CONFIRM", + "url": "https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/" + }, + { + "name": "DSA-2344", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2344" + }, + { + "name": "https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/", + "refsource": "MISC", + "url": "https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/" + }, + { + "name": "[oss-security] 20111101 Re: CVE request for Django-piston and Tastypie", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/01/10" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4346.json b/2011/4xxx/CVE-2011-4346.json index aa9d8f1cc7c..42d73d46d62 100644 --- a/2011/4xxx/CVE-2011-4346.json +++ b/2011/4xxx/CVE-2011-4346.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=742050", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=742050" - }, - { - "name" : "RHSA-2011:1794", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1794.html" - }, - { - "name" : "50963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50963" - }, - { - "name" : "1026391", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026391" - }, - { - "name" : "47162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47162" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=742050", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742050" + }, + { + "name": "RHSA-2011:1794", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1794.html" + }, + { + "name": "50963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50963" + }, + { + "name": "1026391", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026391" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4644.json b/2011/4xxx/CVE-2011-4644.json index 39de5ab7a47..7f9d721a5f9 100644 --- a/2011/4xxx/CVE-2011-4644.json +++ b/2011/4xxx/CVE-2011-4644.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18245", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18245/" - }, - { - "name" : "http://www.sec-1.com/blog/?p=233", - "refsource" : "MISC", - "url" : "http://www.sec-1.com/blog/?p=233" - }, - { - "name" : "http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf", - "refsource" : "MISC", - "url" : "http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sec-1.com/blog/?p=233", + "refsource": "MISC", + "url": "http://www.sec-1.com/blog/?p=233" + }, + { + "name": "http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf", + "refsource": "MISC", + "url": "http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf" + }, + { + "name": "18245", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18245/" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5296.json b/2011/5xxx/CVE-2011-5296.json index 859644756ce..f960b09abd1 100644 --- a/2011/5xxx/CVE-2011-5296.json +++ b/2011/5xxx/CVE-2011-5296.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat 1.0 allows remote attackers to inject arbitrary web script or HTML via the nick parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23001", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat 1.0 allows remote attackers to inject arbitrary web script or HTML via the nick parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23001", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23001" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5468.json b/2013/5xxx/CVE-2013-5468.json index 68d84f955a0..f321b6ed5c8 100644 --- a/2013/5xxx/CVE-2013-5468.json +++ b/2013/5xxx/CVE-2013-5468.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt login requests, which allows remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666110", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666110" - }, - { - "name" : "ibm-algo-one-cve20135468-encryption(88382)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88382" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 
4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt login requests, which allows remote attackers to obtain sensitive information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21666110", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666110" + }, + { + "name": "ibm-algo-one-cve20135468-encryption(88382)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88382" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5663.json b/2013/5xxx/CVE-2013-5663.json index d8e0cd04866..28f0ee48d55 100644 --- a/2013/5xxx/CVE-2013-5663.json +++ b/2013/5xxx/CVE-2013-5663.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20(Brad%20Woodberg%20-%20Final).pptx", - "refsource" : "MISC", - "url" : "http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20(Brad%20Woodberg%20-%20Final).pptx" - }, - { - "name" : "http://pastie.org/pastes/5568186/text", - "refsource" : "MISC", - "url" : "http://pastie.org/pastes/5568186/text" - }, - { - "name" : "http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update/", - "refsource" : "CONFIRM", - "url" : 
"http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update/" - }, - { - "name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/19", - "refsource" : "CONFIRM", - "url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/19" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/19", + "refsource": "CONFIRM", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/19" + }, + { + "name": "http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update/", + "refsource": "CONFIRM", + "url": "http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update/" + }, + { + "name": "http://pastie.org/pastes/5568186/text", + "refsource": "MISC", + "url": "http://pastie.org/pastes/5568186/text" + }, + { + "name": "http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20(Brad%20Woodberg%20-%20Final).pptx", + "refsource": "MISC", + "url": "http://cansecwest.com/csw11/Network%20Application%20FW%20vs.%20Contemporary%20Threats%20(Brad%20Woodberg%20-%20Final).pptx" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2604.json b/2014/2xxx/CVE-2014-2604.json index baf1ed5d4b3..3d7151e38d1 100644 --- a/2014/2xxx/CVE-2014-2604.json 
+++ b/2014/2xxx/CVE-2014-2604.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-2604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN03007", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04278900" - }, - { - "name" : "SSRT101515", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04278900" - }, - { - "name" : "1030264", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101515", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04278900" + }, + { + "name": "HPSBGN03007", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04278900" + }, + { + "name": "1030264", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030264" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3443.json b/2014/3xxx/CVE-2014-3443.json index 85f59d9be8e..48f7ce84f62 100644 --- a/2014/3xxx/CVE-2014-3443.json +++ b/2014/3xxx/CVE-2014-3443.json 
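Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `hp-security-alert@hp.com`, and it is the one change of meaning in a 72-line hunk that is otherwise key spacing, indentation and a swap of the two HP references, so it is easy to miss in review. The hunk for 2014/6xxx/CVE-2014-6278.json does the same with `security@debian.org`. Consumers may rely on this field to attribute a record to its CNA, so I would land the formatting normalisation as its own commit and carry the attribution changes in a separate one whose subject names them, rather than under "-Synchronized-Data.". The new side also ends with `\ No newline at end of file`, here and in the CVE-2014-3443.json hunk; a newline after the closing `}` would keep later diffs from touching the last line.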
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33332", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33332" - }, - { - "name" : "67319", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33332", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33332" + }, + { + "name": "67319", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67319" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6278.json b/2014/6xxx/CVE-2014-6278.json index 70594f137fa..7d0114ce885 100644 --- a/2014/6xxx/CVE-2014-6278.json +++ b/2014/6xxx/CVE-2014-6278.json 
@@ -1,627 +1,627 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-6278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39887", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39887/" - }, - { - "name" : "39568", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39568/" - }, - { - "name" : "http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html", - "refsource" : "MISC", - "url" : "http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html" - }, - { - "name" : "http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html", - "refsource" : "MISC", - "url" : "http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html" - }, - { - "name" : "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html" - }, - { - "name" : "http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1147414", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1147414" - }, - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2014-6278", - "refsource" : "CONFIRM", - "url" : 
"https://security-tracker.debian.org/tracker/CVE-2014-6278" - }, - { - "name" : "http://support.novell.com/security/cve/CVE-2014-6278.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/security/cve/CVE-2014-6278.html" - }, - { - "name" : "https://www.suse.com/support/shellshock/", - "refsource" : "CONFIRM", - "url" : "https://www.suse.com/support/shellshock/" - }, - { - "name" : "https://kb.bluecoat.com/index?page=content&id=SA82", - "refsource" : "CONFIRM", - "url" : "https://kb.bluecoat.com/index?page=content&id=SA82" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685749" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685914" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7015721", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7015721" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0010.html" - }, - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", - "refsource" : "CONFIRM", - "url" : 
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685541" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685604" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685733" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686131" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686479" - }, - { - "name" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", - "refsource" : "CONFIRM", - "url" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315" - }, - { - "name" : "https://support.citrix.com/article/CTX200217", - "refsource" : "CONFIRM", - "url" : 
"https://support.citrix.com/article/CTX200217" - }, - { - "name" : "https://support.citrix.com/article/CTX200223", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX200223" - }, - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686246" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686445" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686494" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687079" - }, - { - "name" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", - "refsource" : "CONFIRM", - "url" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts" - }, - { - "name" : "http://www.qnap.com/i/en/support/con_show.php?cid=61", - "refsource" : "CONFIRM", - "url" : "http://www.qnap.com/i/en/support/con_show.php?cid=61" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-3093", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-3093" - }, - { - "name" : 
"http://linux.oracle.com/errata/ELSA-2014-3094", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-3094" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10085" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183" - }, - { - "name" : "20140926 GNU Bash Environment Variable Command Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash" - }, - { - "name" : "HPSBGN03138", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141330468527613&w=2" - }, - { - "name" : "HPSBHF03125", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141345648114150&w=2" - }, - { - "name" : "HPSBGN03141", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383304022067&w=2" - }, - { - "name" : "HPSBGN03142", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383244821813&w=2" - }, - { - "name" : "HPSBHF03146", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383353622268&w=2" - }, - { - "name" : "HPSBMU03143", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383026420882&w=2" - }, - { - "name" : "HPSBMU03144", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383081521087&w=2" - }, - { - "name" : "HPSBST03129", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383196021590&w=2" - }, - { - "name" : 
"HPSBST03157", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141450491804793&w=2" - }, - { - "name" : "HPSBHF03145", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383465822787&w=2" - }, - { - "name" : "HPSBMU03165", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141577137423233&w=2" - }, - { - "name" : "HPSBMU03182", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141585637922673&w=2" - }, - { - "name" : "HPSBST03154", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141577297623641&w=2" - }, - { - "name" : "HPSBST03155", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141576728022234&w=2" - }, - { - "name" : "HPSBST03181", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141577241923505&w=2" - }, - { - "name" : "HPSBMU03217", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141879528318582&w=2" - }, - { - "name" : "HPSBMU03245", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142358026505815&w=2" - }, - { - "name" : "HPSBMU03246", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142358078406056&w=2" - }, - { - "name" : "SSRT101742", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142358026505815&w=2" - }, - { - "name" : "SSRT101827", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141879528318582&w=2" - }, - { - "name" : "HPSBGN03233", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142118135300698&w=2" - }, - { - "name" : "SSRT101739", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142118135300698&w=2" - }, - { - "name" : "SSRT101868", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142118135300698&w=2" - }, - { - "name" : "HPSBMU03220", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142721162228379&w=2" - }, - { - "name" : "SSRT101819", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142721162228379&w=2" - 
}, - { - "name" : "MDVSA-2015:164", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164" - }, - { - "name" : "SUSE-SU-2014:1287", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html" - }, - { - "name" : "openSUSE-SU-2014:1310", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html" - }, - { - "name" : "USN-2380-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2380-1" - }, - { - "name" : "JVN#55667175", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN55667175/index.html" - }, - { - "name" : "JVNDB-2014-000126", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126" - }, - { - "name" : "61641", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61641" - }, - { - "name" : "59907", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59907" - }, - { - "name" : "61283", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61283" - }, - { - "name" : "61485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61485" - }, - { - "name" : "61503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61503" - }, - { - "name" : "61552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61552" - }, - { - "name" : "61565", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61565" - }, - { - "name" : "61603", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61603" - }, - { - "name" : "61633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61633" - }, - { - "name" : "61643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61643" - }, - { - "name" : "61654", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61654" - }, - { - "name" : "61703", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/61703" - }, - { - "name" : "58200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58200" - }, - { - "name" : "60034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60034" - }, - { - "name" : "60055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60055" - }, - { - "name" : "60193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60193" - }, - { - "name" : "60325", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60325" - }, - { - "name" : "61065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61065" - }, - { - "name" : "61128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61128" - }, - { - "name" : "61129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61129" - }, - { - "name" : "61287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61287" - }, - { - "name" : "61312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61312" - }, - { - "name" : "61313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61313" - }, - { - "name" : "61328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61328" - }, - { - "name" : "61442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61442" - }, - { - "name" : "61471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61471" - }, - { - "name" : "61550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61550" - }, - { - "name" : "61780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61780" - }, - { - "name" : "61816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61816" - }, - { - "name" : "61857", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61857" - }, - { - "name" : "60024", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/60024" - }, - { - "name" : "60063", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60063" - }, - { - "name" : "60044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60044" - }, - { - "name" : "60433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60433" - }, - { - "name" : "61291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61291" - }, - { - "name" : "59961", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59961" - }, - { - "name" : "62312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62312" - }, - { - "name" : "62343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749" + }, + { + "name": "HPSBMU03165", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141577137423233&w=2" + }, + { + "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", + "refsource": "CONFIRM", + "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-3093", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-3093" + }, + { + "name": "SSRT101819", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142721162228379&w=2" + }, + { + "name": "HPSBMU03245", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142358026505815&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479" + }, + { + "name": "JVN#55667175", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN55667175/index.html" + }, + { + "name": "60433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60433" + }, + { + "name": "HPSBMU03143", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383026420882&w=2" + }, + { + "name": "HPSBMU03182", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141585637922673&w=2" + }, + { + "name": 
"http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.html" + }, + { + "name": "HPSBST03155", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141576728022234&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html" + }, + { + "name": "61816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61816" + }, + { + "name": "openSUSE-SU-2014:1310", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html" + }, + { + "name": "61442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61442" + }, + { + "name": "HPSBMU03246", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142358078406056&w=2" + }, + { + "name": "61283", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61283" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10085" + }, + { + "name": "61654", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61654" + }, + { + "name": "USN-2380-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2380-1" + }, + { + "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", + "refsource": "CONFIRM", + "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315" + }, + { + "name": "62312", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/62312" + }, + { + "name": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html" + }, + { + "name": "HPSBMU03217", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141879528318582&w=2" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2014-6278", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2014-6278" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604" + }, + { + "name": "SSRT101868", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" + }, + { + "name": "61703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61703" + }, + { + "name": "61065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61065" + }, + { + "name": "HPSBST03129", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383196021590&w=2" + }, + { + "name": "HPSBMU03144", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383081521087&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686445" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131" + }, + { + "name": "JVNDB-2014-000126", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126" + }, + { + "name": "SSRT101827", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141879528318582&w=2" + }, + { + "name": "61641", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61641" + }, + { + "name": "39887", + "refsource": "EXPLOIT-DB", 
+ "url": "https://www.exploit-db.com/exploits/39887/" + }, + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648" + }, + { + "name": "SUSE-SU-2014:1287", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914" + }, + { + "name": "MDVSA-2015:164", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075" + }, + { + "name": "HPSBMU03220", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142721162228379&w=2" + }, + { + "name": "60325", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60325" + }, + { + "name": "60024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60024" + }, + { + "name": "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html" + }, + { + "name": "http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html", + "refsource": "MISC", + "url": "http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html" + }, + { + "name": "20140926 GNU Bash Environment Variable Command Injection Vulnerability", + "refsource": "CISCO", + "url": 
"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1147414", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147414" + }, + { + "name": "62343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62343" + }, + { + "name": "61565", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61565" + }, + { + "name": "https://www.suse.com/support/shellshock/", + "refsource": "CONFIRM", + "url": "https://www.suse.com/support/shellshock/" + }, + { + "name": "HPSBST03157", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141450491804793&w=2" + }, + { + "name": "61313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61313" + }, + { + "name": "SSRT101742", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142358026505815&w=2" + }, + { + "name": "61485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61485" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183" + }, + { + "name": "HPSBST03154", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141577297623641&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272" + }, + { + "name": "HPSBGN03142", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383244821813&w=2" + }, + { + "name": "61312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61312" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-3094", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-3094" + }, + { + "name": "60193", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/60193" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0010.html" + }, + { + "name": "60063", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60063" + }, + { + "name": "60034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60034" + }, + { + "name": "59907", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59907" + }, + { + "name": "58200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58200" + }, + { + "name": "HPSBST03181", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141577241923505&w=2" + }, + { + "name": "61643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61643" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7015721", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7015721" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687079" + }, + { + "name": "61503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61503" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686246" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915" + }, + { + "name": "http://support.novell.com/security/cve/CVE-2014-6278.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/security/cve/CVE-2014-6278.html" + }, + { + "name": "HPSBHF03145", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383465822787&w=2" + }, + { + "name": "http://www.qnap.com/i/en/support/con_show.php?cid=61", 
+ "refsource": "CONFIRM", + "url": "http://www.qnap.com/i/en/support/con_show.php?cid=61" + }, + { + "name": "61552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61552" + }, + { + "name": "61780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61780" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279" + }, + { + "name": "https://support.citrix.com/article/CTX200223", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX200223" + }, + { + "name": "39568", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39568/" + }, + { + "name": "HPSBGN03138", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141330468527613&w=2" + }, + { + "name": "60044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60044" + }, + { + "name": "61291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61291" + }, + { + "name": "HPSBHF03125", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141345648114150&w=2" + }, + { + "name": "61287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61287" + }, + { + "name": "HPSBHF03146", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383353622268&w=2" + }, + { + "name": "HPSBGN03233", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" + }, + { + "name": "SSRT101739", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361" + }, + { + "name": "HPSBGN03141", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383304022067&w=2" + }, + { + "name": "61128", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/61128" + }, + { + "name": "https://support.citrix.com/article/CTX200217", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX200217" + }, + { + "name": "61471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61471" + }, + { + "name": "60055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60055" + }, + { + "name": "59961", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59961" + }, + { + "name": "61550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61550" + }, + { + "name": "61633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61633" + }, + { + "name": "http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html", + "refsource": "MISC", + "url": "http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686494" + }, + { + "name": "https://kb.bluecoat.com/index?page=content&id=SA82", + "refsource": "CONFIRM", + "url": "https://kb.bluecoat.com/index?page=content&id=SA82" + }, + { + "name": "61328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61328" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733" + }, + { + "name": "61129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61129" + }, + { + "name": "61603", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61603" + }, + { + "name": "61857", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61857" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879" + } + 
] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6737.json b/2014/6xxx/CVE-2014-6737.json index e070524a5f6..37f51283772 100644 --- a/2014/6xxx/CVE-2014-6737.json +++ b/2014/6xxx/CVE-2014-6737.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Ultimate Target-Armored Sniper (aka air.wood.liame.ultimatetarget) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#243257", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/243257" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ultimate 
Target-Armored Sniper (aka air.wood.liame.ultimatetarget) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#243257", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/243257" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6774.json b/2014/6xxx/CVE-2014-6774.json index b5fb8c18e06..c929fab62fa 100644 --- a/2014/6xxx/CVE-2014-6774.json +++ b/2014/6xxx/CVE-2014-6774.json 
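Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `cert@cert.org` in this hunk for CVE-2014-6737, but the change sits inside a whole-file rewrite that otherwise only alters the spacing around `:` and the order of the `reference_data` entries, so the one provenance-relevant edit is easy to miss. The same pattern recurs in the following hunks for CVE-2014-6774, CVE-2014-7018, CVE-2014-7103 and CVE-2014-7437 (also `cert@cert.org`), CVE-2014-7994 (`psirt@cisco.com`) and CVE-2017-0790 (`security@android.com`). Consumers that use `ASSIGNER` for CNA attribution should treat these as data changes rather than formatting, and landing the reformat separately from the field update would make them auditable. The new side of each file also ends with `\ No newline at end of file`; a trailing newline would keep later diffs of these records limited to real changes.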
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The USEK (aka com.university.usek) application 1.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#697601", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/697601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The USEK (aka com.university.usek) application 1.0.8 for 
Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#697601", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/697601" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7018.json b/2014/7xxx/CVE-2014-7018.json index 46157e3676a..f9202f7df24 100644 --- a/2014/7xxx/CVE-2014-7018.json +++ b/2014/7xxx/CVE-2014-7018.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LOVE DANCE (aka com.efunfun.ddianle.lovedance) application 1.2.0626 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#473993", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/473993" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LOVE DANCE (aka 
com.efunfun.ddianle.lovedance) application 1.2.0626 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#473993", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/473993" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7103.json b/2014/7xxx/CVE-2014-7103.json index f9fb95fefdd..50660e857f2 100644 --- a/2014/7xxx/CVE-2014-7103.json +++ b/2014/7xxx/CVE-2014-7103.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Oskarshamnsliv (aka appinventor.ai_stadslivsguiden.Oskarshamnsliv) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#643481", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/643481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Oskarshamnsliv (aka 
appinventor.ai_stadslivsguiden.Oskarshamnsliv) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#643481", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/643481" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7437.json b/2014/7xxx/CVE-2014-7437.json index aa7f2d3778a..5ae43879010 100644 --- a/2014/7xxx/CVE-2014-7437.json +++ b/2014/7xxx/CVE-2014-7437.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Love Horoscope Guide (aka com.charl.charlylovehoroscopes) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#937753", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/937753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Love Horoscope Guide (aka 
com.charl.charlylovehoroscopes) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "VU#937753", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/937753" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7994.json b/2014/7xxx/CVE-2014-7994.json index fcd0ac86c91..fceac42e2f8 100644 --- a/2014/7xxx/CVE-2014-7994.json +++ b/2014/7xxx/CVE-2014-7994.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-7994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36798", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36798" - }, - { - "name" : "https://dashboard.meraki.com/firmware_security", - "refsource" : "CONFIRM", - "url" : "https://dashboard.meraki.com/firmware_security" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary 
commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36798", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36798" + }, + { + "name": "https://dashboard.meraki.com/firmware_security", + "refsource": "CONFIRM", + "url": "https://dashboard.meraki.com/firmware_security" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0008.json b/2017/0xxx/CVE-2017-0008.json index d162cb768f1..93ca4823bc8 100644 --- a/2017/0xxx/CVE-2017-0008.json +++ b/2017/0xxx/CVE-2017-0008.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "Internet Explorer 9 through 11" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "Internet Explorer 9 through 11" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008" - }, - { - "name" : "96073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96073" - }, - { - "name" : "1038008", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008" + }, + { + "name": "1038008", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038008" + }, + { + "name": "96073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96073" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0790.json b/2017/0xxx/CVE-2017-0790.json index e3c10feaa47..523898bfb91 100644 --- a/2017/0xxx/CVE-2017-0790.json +++ b/2017/0xxx/CVE-2017-0790.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "100655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100655" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18242.json b/2017/18xxx/CVE-2017-18242.json index 1fe54732169..42483dc4a5f 100644 --- a/2017/18xxx/CVE-2017-18242.json +++ b/2017/18xxx/CVE-2017-18242.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.libav.org/show_bug.cgi?id=1093", - "refsource" : "MISC", - "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The apply_dependent_coupling function in libavcodec/aacdec.c in Libav 12.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted aac file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.libav.org/show_bug.cgi?id=1093", + "refsource": "MISC", + "url": "https://bugzilla.libav.org/show_bug.cgi?id=1093" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18357.json b/2017/18xxx/CVE-2017-18357.json index ce92c04eea2..3b646f1e07d 100644 --- a/2017/18xxx/CVE-2017-18357.json +++ b/2017/18xxx/CVE-2017-18357.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe/", - "refsource" : "MISC", - "url" : "https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe/" - }, - { - "name" : "https://demo.ripstech.com/projects/shopware_5.3.3", - "refsource" : "MISC", - "url" : "https://demo.ripstech.com/projects/shopware_5.3.3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the 
Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://demo.ripstech.com/projects/shopware_5.3.3", + "refsource": "MISC", + "url": "https://demo.ripstech.com/projects/shopware_5.3.3" + }, + { + "name": "https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe/", + "refsource": "MISC", + "url": "https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1220.json b/2017/1xxx/CVE-2017-1220.json index 66e4e59100c..25aee80f934 100644 --- a/2017/1xxx/CVE-2017-1220.json +++ b/2017/1xxx/CVE-2017-1220.json 
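Review bot: The two `reference_data` entries in this hunk are swapped (the `demo.ripstech.com` entry now precedes the `blog.ripstech.com` one) while their `name`, `refsource` and `url` values are unchanged, so the reordering carries no information and only makes the diff harder to audit. The hunks for CVE-2017-1220, CVE-2017-1710, CVE-2017-1717, CVE-2017-5099 and CVE-2017-5590 reorder their references in the same way. This looks like the exporter emitting the array in an unstable order, which is an inference from the diff rather than something the page states. Sorting the entries by a fixed key such as `url` before writing would let a later diff show only real additions and removals of references.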
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123860." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123860", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123860" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22009673", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22009673" - }, - { - "name" : "101571", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to 
unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123860." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101571", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101571" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22009673", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22009673" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123860", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123860" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1260.json b/2017/1xxx/CVE-2017-1260.json index 60f28816b31..c9fb73ad6a9 100644 --- a/2017/1xxx/CVE-2017-1260.json +++ b/2017/1xxx/CVE-2017-1260.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1260", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1260", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1288.json b/2017/1xxx/CVE-2017-1288.json index 44fdc02a2ab..211248e81e2 100644 --- a/2017/1xxx/CVE-2017-1288.json +++ b/2017/1xxx/CVE-2017-1288.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1288", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1288", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1710.json b/2017/1xxx/CVE-2017-1710.json index 4b5ce471707..2a0beaaa8fd 100644 --- a/2017/1xxx/CVE-2017-1710.json +++ b/2017/1xxx/CVE-2017-1710.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-11-08T00:00:00", - "ID" : "CVE-2017-1710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Storwize V7000 (2076)", - "version" : { - "version_data" : [ - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-11-08T00:00:00", + "ID": "CVE-2017-1710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Storwize V7000 (2076)", + "version": { + "version_data": [ + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134531", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134531" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1010788", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ssg1S1010788" - }, - { - "name" : "101770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101770" - }, - { - "name" : "1039776", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010788", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ssg1S1010788" + }, + { + "name": "1039776", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039776" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134531", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134531" + }, + { + "name": "101770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101770" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1717.json b/2017/1xxx/CVE-2017-1717.json index d7589bd6165..caa86f26d89 100644 --- a/2017/1xxx/CVE-2017-1717.json +++ b/2017/1xxx/CVE-2017-1717.json 
@@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-28T00:00:00", - "ID" : "CVE-2017-1717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - }, - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134796." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-06-28T00:00:00", + "ID": "CVE-2017-1717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + }, + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-prd-trops.events.ibm.com/node/715749", - "refsource" : "CONFIRM", - "url" : "https://www-prd-trops.events.ibm.com/node/715749" - }, - { - "name" : "ibm-rqm-cve20171717-xss(134796)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134796." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-rqm-cve20171717-xss(134796)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134796" + }, + { + "name": "https://www-prd-trops.events.ibm.com/node/715749", + "refsource": "CONFIRM", + "url": "https://www-prd-trops.events.ibm.com/node/715749" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5099.json b/2017/5xxx/CVE-2017-5099.json index 6bbf8e7aa47..00d1d725bf2 100644 --- a/2017/5xxx/CVE-2017-5099.json +++ b/2017/5xxx/CVE-2017-5099.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 60.0.3112.78 for Mac", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 60.0.3112.78 for Mac" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient validation of untrusted input" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 60.0.3112.78 for Mac", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 60.0.3112.78 for Mac" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/733548", - "refsource" : "MISC", - "url" : "https://crbug.com/733548" - }, - { - "name" : "DSA-3926", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3926" - }, - { - "name" : "GLSA-201709-15", - "refsource" : "GENTOO", - "url" : 
"https://security.gentoo.org/glsa/201709-15" - }, - { - "name" : "RHSA-2017:1833", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1833" - }, - { - "name" : "99950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient validation of untrusted input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/733548", + "refsource": "MISC", + "url": "https://crbug.com/733548" + }, + { + "name": "GLSA-201709-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-15" + }, + { + "name": "DSA-3926", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3926" + }, + { + "name": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" + }, + { + "name": "99950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99950" + }, + { + "name": "RHSA-2017:1833", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1833" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5590.json b/2017/5xxx/CVE-2017-5590.json index 232191c00be..de2e5997fae 100644 --- a/2017/5xxx/CVE-2017-5590.json +++ b/2017/5xxx/CVE-2017-5590.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for ChatSecure (3.2.0 - 4.0.0; only iOS) and Zom (all versions up to 1.0.11; only iOS)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/02/09/29", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/02/09/29" - }, - { - "name" : "https://github.com/ChatSecure/ChatSecure-iOS/commit/a340b4bb519227d89f85f2716a10a197a65d4856", - "refsource" : "MISC", - "url" : "https://github.com/ChatSecure/ChatSecure-iOS/commit/a340b4bb519227d89f85f2716a10a197a65d4856" - }, - { - "name" : "https://github.com/zom/Zom-iOS/commit/880051eaa8ba32d1b257c87a7d8798a93561bfd3", - "refsource" : "MISC", - "url" : 
"https://github.com/zom/Zom-iOS/commit/880051eaa8ba32d1b257c87a7d8798a93561bfd3" - }, - { - "name" : "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/", - "refsource" : "MISC", - "url" : "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/" - }, - { - "name" : "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf", - "refsource" : "MISC", - "url" : "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf" - }, - { - "name" : "96165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for ChatSecure (3.2.0 - 4.0.0; only iOS) and Zom (all versions up to 1.0.11; only iOS)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zom/Zom-iOS/commit/880051eaa8ba32d1b257c87a7d8798a93561bfd3", + "refsource": "MISC", + "url": "https://github.com/zom/Zom-iOS/commit/880051eaa8ba32d1b257c87a7d8798a93561bfd3" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/02/09/29", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/02/09/29" + }, + { + "name": "96165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96165" + }, + { + "name": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/", + "refsource": "MISC", + "url": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/" + }, + { + "name": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf", + "refsource": "MISC", + "url": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf" + }, + { + "name": "https://github.com/ChatSecure/ChatSecure-iOS/commit/a340b4bb519227d89f85f2716a10a197a65d4856", + "refsource": "MISC", + "url": "https://github.com/ChatSecure/ChatSecure-iOS/commit/a340b4bb519227d89f85f2716a10a197a65d4856" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5635.json b/2017/5xxx/CVE-2017-5635.json index 3eb994266d1..c38b08d3405 100644 --- a/2017/5xxx/CVE-2017-5635.json +++ b/2017/5xxx/CVE-2017-5635.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-5635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache NiFi", - "version" : { - "version_data" : [ - { - "version_value" : "0.7.0" - }, - { - "version_value" : "0.7.1" - }, - { - "version_value" : "1.1.0" - }, - { - "version_value" : "1.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the \"anonymous\" user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unauthorized Access" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-5635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache NiFi", + "version": { + "version_data": [ + { + "version_value": "0.7.0" + }, + { + "version_value": "0.7.1" + }, + { + "version_value": "1.1.0" + }, + { + "version_value": "1.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nifi.apache.org/security.html#CVE-2017-5635", - "refsource" : "CONFIRM", - "url" : "https://nifi.apache.org/security.html#CVE-2017-5635" - }, - { - "name" : "96730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the \"anonymous\" user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthorized Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nifi.apache.org/security.html#CVE-2017-5635", + "refsource": "CONFIRM", + "url": "https://nifi.apache.org/security.html#CVE-2017-5635" + }, + { + "name": "96730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96730" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5710.json b/2017/5xxx/CVE-2017-5710.json index 107c486b4a2..be236ae9238 100644 --- a/2017/5xxx/CVE-2017-5710.json +++ b/2017/5xxx/CVE-2017-5710.json 
@@ -1,88 +1,88 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secure@intel.com",
- "DATE_PUBLIC" : "2017-11-20T00:00:00",
- "ID" : "CVE-2017-5710",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Trusted Execution Engine",
- "version" : {
- "version_data" : [
- {
- "version_value" : "3.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Intel Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Elevation of Privilege"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@intel.com",
+ "DATE_PUBLIC": "2017-11-20T00:00:00",
+ "ID": "CVE-2017-5710",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Trusted Execution Engine",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Intel Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr",
- "refsource" : "CONFIRM",
- "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr"
- },
- {
- "name" : "https://security.netapp.com/advisory/ntap-20171120-0001/",
- "refsource" : "CONFIRM",
- "url" : "https://security.netapp.com/advisory/ntap-20171120-0001/"
- },
- {
- "name" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0",
- "refsource" : "CONFIRM",
- "url" : "https://www.asus.com/News/wzeltG5CjYaIwGJ0"
- },
- {
- "name" : "https://www.synology.com/support/security/Synology_SA_17_73",
- "refsource" : "CONFIRM",
- "url" : "https://www.synology.com/support/security/Synology_SA_17_73"
- },
- {
- "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf",
- "refsource" : "CONFIRM",
- "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
- },
- {
- "name" : "101922",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/101922"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of Privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://security.netapp.com/advisory/ntap-20171120-0001/",
+ "refsource": "CONFIRM",
+ "url": "https://security.netapp.com/advisory/ntap-20171120-0001/"
+ },
+ {
+ "name": "101922",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/101922"
+ },
+ {
+ "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr",
+ "refsource": "CONFIRM",
+ "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr"
+ },
+ {
+ "name": "https://www.synology.com/support/security/Synology_SA_17_73",
+ "refsource": "CONFIRM",
+ "url": "https://www.synology.com/support/security/Synology_SA_17_73"
+ },
+ {
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf",
+ "refsource": "CONFIRM",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
+ },
+ {
+ "name": "https://www.asus.com/News/wzeltG5CjYaIwGJ0",
+ "refsource": "CONFIRM",
+ "url": "https://www.asus.com/News/wzeltG5CjYaIwGJ0"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5790.json b/2017/5xxx/CVE-2017-5790.json
index b8d947fe7c2..1de32873f76 100644
--- a/2017/5xxx/CVE-2017-5790.json
+++ b/2017/5xxx/CVE-2017-5790.json
@@ -1,73 +1,73 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security-alert@hpe.com",
- "DATE_PUBLIC" : "2017-03-07T00:00:00",
- "ID" : "CVE-2017-5790",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Intelligent Management Center (IMC) PLAT",
- "version" : {
- "version_data" : [
- {
- "version_value" : "7.2 E0403P06"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Hewlett Packard Enterprise"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "remote deserialization of untrusted data"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security-alert@hpe.com",
+ "DATE_PUBLIC": "2017-03-07T00:00:00",
+ "ID": "CVE-2017-5790",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intelligent Management Center (IMC) PLAT",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.2 E0403P06"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Hewlett Packard Enterprise"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.tenable.com/security/research/tra-2017-12",
- "refsource" : "MISC",
- "url" : "https://www.tenable.com/security/research/tra-2017-12"
- },
- {
- "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03710en_us",
- "refsource" : "CONFIRM",
- "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03710en_us"
- },
- {
- "name" : "96755",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/96755"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "remote deserialization of untrusted data"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "96755",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/96755"
+ },
+ {
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03710en_us",
+ "refsource": "CONFIRM",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03710en_us"
+ },
+ {
+ "name": "https://www.tenable.com/security/research/tra-2017-12",
+ "refsource": "MISC",
+ "url": "https://www.tenable.com/security/research/tra-2017-12"
+ }
+ ]
+ }
+}
\ No newline at end of file