From 2773bf8b4cb6cbe0aa3cc898beb0a4a5b93f719d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:08:08 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/2xxx/CVE-2006-2125.json | 34 +-- 2006/2xxx/CVE-2006-2612.json | 170 +++++++------- 2006/2xxx/CVE-2006-2796.json | 150 ++++++------- 2006/3xxx/CVE-2006-3369.json | 170 +++++++------- 2006/3xxx/CVE-2006-3506.json | 180 +++++++-------- 2006/3xxx/CVE-2006-3527.json | 220 +++++++++--------- 2006/3xxx/CVE-2006-3983.json | 150 ++++++------- 2006/4xxx/CVE-2006-4758.json | 210 ++++++++--------- 2006/4xxx/CVE-2006-4779.json | 160 ++++++------- 2006/6xxx/CVE-2006-6108.json | 170 +++++++------- 2006/6xxx/CVE-2006-6114.json | 34 +-- 2006/6xxx/CVE-2006-6607.json | 170 +++++++------- 2006/6xxx/CVE-2006-6696.json | 350 ++++++++++++++--------------- 2006/7xxx/CVE-2006-7056.json | 170 +++++++------- 2011/0xxx/CVE-2011-0040.json | 190 ++++++++-------- 2011/0xxx/CVE-2011-0239.json | 34 +-- 2011/0xxx/CVE-2011-0557.json | 170 +++++++------- 2011/0xxx/CVE-2011-0744.json | 34 +-- 2011/0xxx/CVE-2011-0759.json | 160 ++++++------- 2011/1xxx/CVE-2011-1015.json | 260 ++++++++++----------- 2011/1xxx/CVE-2011-1294.json | 180 +++++++-------- 2011/1xxx/CVE-2011-1711.json | 170 +++++++------- 2011/3xxx/CVE-2011-3082.json | 34 +-- 2011/3xxx/CVE-2011-3839.json | 150 ++++++------- 2011/4xxx/CVE-2011-4057.json | 180 +++++++-------- 2011/4xxx/CVE-2011-4486.json | 120 +++++----- 2011/4xxx/CVE-2011-4602.json | 190 ++++++++-------- 2011/4xxx/CVE-2011-4604.json | 180 +++++++-------- 2011/4xxx/CVE-2011-4943.json | 34 +-- 2011/4xxx/CVE-2011-4972.json | 34 +-- 2013/5xxx/CVE-2013-5869.json | 170 +++++++------- 2014/2xxx/CVE-2014-2228.json | 34 +-- 2014/2xxx/CVE-2014-2733.json | 130 +++++------ 2014/6xxx/CVE-2014-6394.json | 260 ++++++++++----------- 2014/7xxx/CVE-2014-7099.json | 140 ++++++------ 2014/7xxx/CVE-2014-7433.json | 140 ++++++------ 2014/7xxx/CVE-2014-7490.json | 140 ++++++------ 2014/7xxx/CVE-2014-7635.json | 34 +-- 2017/0xxx/CVE-2017-0297.json | 140 ++++++------ 2017/0xxx/CVE-2017-0359.json | 142 ++++++------ 2017/0xxx/CVE-2017-0360.json | 150 ++++++------- 2017/0xxx/CVE-2017-0577.json | 140 ++++++------ 2017/0xxx/CVE-2017-0596.json | 176 +++++++-------- 2017/0xxx/CVE-2017-0626.json | 136 +++++------ 2017/0xxx/CVE-2017-0642.json | 152 ++++++------- 2017/1000xxx/CVE-2017-1000432.json | 134 +++++------ 2017/1000xxx/CVE-2017-1000442.json | 134 +++++------ 2017/18xxx/CVE-2017-18048.json | 150 ++++++------- 2017/1xxx/CVE-2017-1676.json | 34 +-- 2017/1xxx/CVE-2017-1934.json | 34 +-- 2017/5xxx/CVE-2017-5317.json | 34 +-- 2017/5xxx/CVE-2017-5482.json | 170 +++++++------- 52 files changed, 3616 insertions(+), 3616 deletions(-) diff --git a/2006/2xxx/CVE-2006-2125.json b/2006/2xxx/CVE-2006-2125.json index 01e64668ebc..80931211372 100644 --- a/2006/2xxx/CVE-2006-2125.json +++ b/2006/2xxx/CVE-2006-2125.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2125", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3779. Reason: This candidate is a duplicate of CVE-2005-3779. Notes: All CVE users should reference CVE-2005-3779 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-2125", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3779. Reason: This candidate is a duplicate of CVE-2005-3779. Notes: All CVE users should reference CVE-2005-3779 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2612.json b/2006/2xxx/CVE-2006-2612.json index 1c6f9bf4cc1..fc82a32f688 100644 --- a/2006/2xxx/CVE-2006-2612.json +++ b/2006/2xxx/CVE-2006-2612.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the \"User Name\" field on the login prompt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060521 Novell Client login form enables reading and writing from and to the clipboard of the logged-in user", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434704/100/0/threaded" - }, - { - "name" : "20060522 Re: Novell Client login form enables reading and writing from and to the clipboard of the logged-in user", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434724/100/0/threaded" - }, - { - "name" : "25760", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25760" - }, - { - "name" : "20194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20194" - }, - { - "name" : "961", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/961" - }, - { - "name" : "novell-client-clipboard-leak(26595)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the \"User Name\" field on the login prompt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20194" + }, + { + "name": "20060521 Novell Client login form enables reading and writing from and to the clipboard of the logged-in user", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434704/100/0/threaded" + }, + { + "name": "25760", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25760" + }, + { + "name": "961", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/961" + }, + { + "name": "20060522 Re: Novell Client login form enables reading and writing from and to the clipboard of the logged-in user", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434724/100/0/threaded" + }, + { + "name": "novell-client-clipboard-leak(26595)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26595" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2796.json b/2006/2xxx/CVE-2006-2796.json index 7ab4421d127..0b98f4b0170 100644 --- a/2006/2xxx/CVE-2006-2796.json +++ b/2006/2xxx/CVE-2006-2796.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060521 Captivate 1.0 - XSS Vuln", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0413.html" - }, - { - "name" : "18072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18072" - }, - { - "name" : "1020", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1020" - }, - { - "name" : "captivate-gallery-xss(26589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18072" + }, + { + "name": "1020", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1020" + }, + { + "name": "20060521 Captivate 1.0 - XSS Vuln", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0413.html" + }, + { + "name": "captivate-gallery-xss(26589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26589" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3369.json b/2006/3xxx/CVE-2006-3369.json index 49f3e4c49b5..f3c4a5c859a 100644 --- a/2006/3xxx/CVE-2006-3369.json +++ b/2006/3xxx/CVE-2006-3369.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060703 5 php scripts remote database password disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438964/100/0/threaded" - }, - { - "name" : "18816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18816" - }, - { - "name" : "ADV-2006-2662", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2662" - }, - { - "name" : "20918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20918" - }, - { - "name" : "1192", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1192" - }, - { - "name" : "kamikazeqscm-config-information-disclosure(27575)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2662", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2662" + }, + { + "name": "18816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18816" + }, + { + "name": "1192", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1192" + }, + { + "name": "20918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20918" + }, + { + "name": "20060703 5 php scripts remote database password disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438964/100/0/threaded" + }, + { + "name": "kamikazeqscm-config-information-disclosure(27575)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27575" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3506.json b/2006/3xxx/CVE-2006-3506.json index 44a6136bc80..38f8b090901 100644 --- a/2006/3xxx/CVE-2006-3506.json +++ b/2006/3xxx/CVE-2006-3506.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to \"processing a path name.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-08-17", - "refsource" : "APPLE", - "url" : "http://docs.info.apple.com/article.html?artnum=304188" - }, - { - "name" : "VU#737204", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/737204" - }, - { - "name" : "19579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19579" - }, - { - "name" : "ADV-2006-3315", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3315" - }, - { - "name" : "27994", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27994" - }, - { - "name" : "1016711", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016711" - }, - { - "name" : "21551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to \"processing a path name.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2006-08-17", + "refsource": "APPLE", + "url": "http://docs.info.apple.com/article.html?artnum=304188" + }, + { + "name": "ADV-2006-3315", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3315" + }, + { + "name": "27994", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27994" + }, + { + "name": "19579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19579" + }, + { + "name": "21551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21551" + }, + { + "name": "VU#737204", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/737204" + }, + { + "name": "1016711", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016711" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3527.json b/2006/3xxx/CVE-2006-3527.json index e1a29f37272..132b0f17059 100644 --- a/2006/3xxx/CVE-2006-3527.json +++ b/2006/3xxx/CVE-2006-3527.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in BosClassifieds Classified Ads allow remote attackers to execute arbitrary PHP code via a URL in the insPath parameter to (1) index.php, (2) recent.php, (3) account.php, (4) classified.php, or (5) search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.jaascois.com/exploits/18602018/", - "refsource" : "MISC", - "url" : "http://www.jaascois.com/exploits/18602018/" - }, - { - "name" : "18883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18883" - }, - { - "name" : "ADV-2006-2807", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2807" - }, - { - "name" : "27314", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27314" - }, - { - "name" : "27315", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27315" - }, - { - "name" : "27316", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27316" - }, - { - "name" : "27317", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27317" - }, - { - "name" : "27318", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27318" - }, - { - "name" : "1016447", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016447" - }, - { - "name" : "21056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21056" - }, - { - "name" : "bosclassifieds-multiple-scripts-file-include(27662)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in BosClassifieds Classified Ads allow remote attackers to execute arbitrary PHP code via a URL in the insPath parameter to (1) index.php, (2) recent.php, (3) account.php, (4) classified.php, or (5) search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27315", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27315" + }, + { + "name": "27314", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27314" + }, + { + "name": "27317", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27317" + }, + { + "name": "27316", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27316" + }, + { + "name": "ADV-2006-2807", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2807" + }, + { + "name": "1016447", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016447" + }, + { + "name": "http://www.jaascois.com/exploits/18602018/", + "refsource": "MISC", + "url": "http://www.jaascois.com/exploits/18602018/" + }, + { + "name": "27318", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27318" + }, + { + "name": "18883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18883" + }, + { + "name": "21056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21056" + }, + { + "name": "bosclassifieds-multiple-scripts-file-include(27662)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27662" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3983.json b/2006/3xxx/CVE-2006-3983.json index 4dc4dd2efab..21a7acff0af 100644 --- a/2006/3xxx/CVE-2006-3983.json +++ b/2006/3xxx/CVE-2006-3983.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2095", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2095" - }, - { - "name" : "19259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19259" - }, - { - "name" : "ADV-2006-3087", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3087" - }, - { - "name" : "phpreactor-editprofile-file-include(28100)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19259" + }, + { + "name": "phpreactor-editprofile-file-include(28100)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28100" + }, + { + "name": "2095", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2095" + }, + { + "name": "ADV-2006-3087", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3087" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4758.json b/2006/4xxx/CVE-2006-4758.json index 51a1a10c9b2..bb3fda3c8c6 100644 --- a/2006/4xxx/CVE-2006-4758.json +++ b/2006/4xxx/CVE-2006-4758.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060911 ShAnKaR: multiple PHP application poison NULL byte vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445788/100/0/threaded" - }, - { - "name" : "http://www.security.nnov.ru/Odocument221.html", - "refsource" : "MISC", - "url" : "http://www.security.nnov.ru/Odocument221.html" - }, - { - "name" : "http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624", - "refsource" : "MISC", - "url" : "http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120" - }, - { - "name" : "DSA-1488", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1488" - }, - { - "name" : "20347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20347" - }, - { - "name" : "21806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21806" - }, - { - "name" : "22188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22188" - }, - { - "name" : "28871", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28871" - }, - { - "name" : "phpbb-nullbyte-file-upload(28884)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20347" + }, + { + "name": "20060911 ShAnKaR: multiple PHP application poison NULL byte vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445788/100/0/threaded" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120" + }, + { + "name": "28871", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28871" + }, + { + "name": "phpbb-nullbyte-file-upload(28884)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28884" + }, + { + "name": "21806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21806" + }, + { + "name": "DSA-1488", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1488" + }, + { + "name": "http://www.security.nnov.ru/Odocument221.html", + "refsource": "MISC", + "url": "http://www.security.nnov.ru/Odocument221.html" + }, + { + "name": "http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624", + "refsource": "MISC", + "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624" + }, + { + "name": "22188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22188" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4779.json b/2006/4xxx/CVE-2006-4779.json index c8ea48729b1..7c85ef87ea2 100644 --- a/2006/4xxx/CVE-2006-4779.json +++ b/2006/4xxx/CVE-2006-4779.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2353", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2353" - }, - { - "name" : "19979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19979" - }, - { - "name" : "ADV-2006-3571", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3571" - }, - { - "name" : "21882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21882" - }, - { - "name" : "vitrax-functionsportal-file-include(28889)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21882" + }, + { + "name": "vitrax-functionsportal-file-include(28889)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28889" + }, + { + "name": "2353", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2353" + }, + { + "name": "19979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19979" + }, + { + "name": "ADV-2006-3571", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3571" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6108.json b/2006/6xxx/CVE-2006-6108.json index 8bdb4dad5fa..ef1cfc2ee5c 100644 --- a/2006/6xxx/CVE-2006-6108.json +++ b/2006/6xxx/CVE-2006-6108.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#61543834", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2361543834/index.html" - }, - { - "name" : "21146", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21146/info" - }, - { - "name" : "ADV-2006-4583", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4583" - }, - { - "name" : "1017277", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017277" - }, - { - "name" : "22925", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22925" - }, - { - "name" : "eccube-unspecified-xss(30526)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22925", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22925" + }, + { + "name": "1017277", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017277" + }, + { + "name": "eccube-unspecified-xss(30526)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30526" + }, + { + "name": "JVN#61543834", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2361543834/index.html" + }, + { + "name": "21146", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21146/info" + }, + { + "name": "ADV-2006-4583", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4583" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6114.json b/2006/6xxx/CVE-2006-6114.json index 68618e432f9..128edfe5b5b 100644 --- a/2006/6xxx/CVE-2006-6114.json +++ b/2006/6xxx/CVE-2006-6114.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6114", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-5854. Reason: This candidate is a duplicate of CVE-2006-5854. Notes: All CVE users should reference CVE-2006-5854 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-6114", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-5854. Reason: This candidate is a duplicate of CVE-2006-5854. Notes: All CVE users should reference CVE-2006-5854 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6607.json b/2006/6xxx/CVE-2006-6607.json index dee21212597..089f1659e8c 100644 --- a/2006/6xxx/CVE-2006-6607.json +++ b/2006/6xxx/CVE-2006-6607.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21251069", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21251069" - }, - { - "name" : "21570", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21570" - }, - { - "name" : "ADV-2006-4989", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4989" - }, - { - "name" : "1017380", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017380" - }, - { - "name" : "23359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23359" - }, - { - "name" : "tivoli-truststorepassword-info-disclosure(30865)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21570", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21570" + }, + { + "name": "23359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23359" + }, + { + "name": "1017380", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017380" + }, + { + "name": "ADV-2006-4989", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4989" + }, + { + "name": "tivoli-truststorepassword-info-disclosure(30865)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30865" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21251069", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21251069" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6696.json b/2006/6xxx/CVE-2006-6696.json index 21adfdb8871..92dd773c7a2 100644 --- a/2006/6xxx/CVE-2006-6696.json +++ b/2006/6xxx/CVE-2006-6696.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061221 Microsoft Windows XP/2003/Vista memory corruption 0day", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455061/100/0/threaded" - }, - { - "name" : "20061221 Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455104/100/0/threaded" - }, - { - "name" : "20061221 Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memorycorruption 0day", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455088/100/0/threaded" - }, - { - "name" : "20061222 Re: Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455158/100/0/threaded" - }, - { - "name" : "20061230 csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455546/100/0/threaded" - }, - { - "name" : "20061221 Microsoft Windows XP/2003/Vista memory corruption 0day", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html" - }, - { - "name" : "http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html", - "refsource" : "MISC", - "url" : "http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html" - }, - { - "name" : "http://www.security.nnov.ru/Gnews944.html", - "refsource" : "MISC", - "url" : "http://www.security.nnov.ru/Gnews944.html" - }, - { - "name" : "http://www.security.nnov.ru/files/messagebox.c", - "refsource" : "MISC", - "url" : "http://www.security.nnov.ru/files/messagebox.c" - }, - { - "name" : "http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff", - "refsource" : "MISC", - "url" : "http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff" - }, - { - "name" : "http://www.kuban.ru/forum_new/forum2/files/19124.html", - "refsource" : "MISC", - "url" : "http://www.kuban.ru/forum_new/forum2/files/19124.html" - }, - { - "name" : "http://isc.sans.org/diary.php?n&storyid=1965", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.php?n&storyid=1965" - }, - { - "name" : "http://research.eeye.com/html/alerts/zeroday/20061215.html", - "refsource" : "MISC", - "url" : "http://research.eeye.com/html/alerts/zeroday/20061215.html" - }, - { - "name" : "http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx" - }, - { - "name" : "HPSBST02208", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466331/100/200/threaded" - }, - { - "name" : "SSRT071365", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/466331/100/200/threaded" - }, - { - "name" : "MS07-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021" - }, - { - "name" : "21688", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21688" - }, - { - "name" : "23324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23324" - }, - { - "name" : "ADV-2006-5120", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5120" - }, - { - "name" : "ADV-2007-1325", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1325" - }, - { - "name" : "oval:org.mitre.oval:def:1816", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1816" - }, - { - "name" : "1017433", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017433" - }, - { - "name" : "23448", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kuban.ru/forum_new/forum2/files/19124.html", + "refsource": "MISC", + "url": "http://www.kuban.ru/forum_new/forum2/files/19124.html" + }, + { + "name": "20061230 csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455546/100/0/threaded" + }, + { + "name": "HPSBST02208", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded" + }, + { + "name": "1017433", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017433" + }, + { + "name": "http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff", + "refsource": "MISC", + "url": "http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff" + }, + { + "name": "http://www.security.nnov.ru/Gnews944.html", + "refsource": "MISC", + "url": "http://www.security.nnov.ru/Gnews944.html" + }, + { + "name": "http://research.eeye.com/html/alerts/zeroday/20061215.html", + "refsource": "MISC", + "url": "http://research.eeye.com/html/alerts/zeroday/20061215.html" + }, + { + "name": "http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html", + "refsource": "MISC", + "url": "http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html" + }, + { + "name": "20061221 Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memorycorruption 0day", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455088/100/0/threaded" + }, + { + "name": "http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx" + }, + { + "name": "20061222 Re: Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455158/100/0/threaded" + }, + { + "name": "21688", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21688" + }, + { + "name": "MS07-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021" + }, + { + "name": "oval:org.mitre.oval:def:1816", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1816" + }, + { + "name": "ADV-2007-1325", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1325" + }, + { + "name": "http://www.security.nnov.ru/files/messagebox.c", + "refsource": "MISC", + "url": "http://www.security.nnov.ru/files/messagebox.c" + }, + { + "name": "20061221 Microsoft Windows XP/2003/Vista memory corruption 0day", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html" + }, + { + "name": "23324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23324" + }, + { + "name": "20061221 Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455104/100/0/threaded" + }, + { + "name": "20061221 Microsoft Windows XP/2003/Vista memory corruption 0day", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455061/100/0/threaded" + }, + { + "name": "23448", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23448" + }, + { + "name": "SSRT071365", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/466331/100/200/threaded" + }, + { + "name": "http://isc.sans.org/diary.php?n&storyid=1965", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.php?n&storyid=1965" + }, + { + "name": "ADV-2006-5120", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5120" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7056.json b/2006/7xxx/CVE-2006-7056.json index c2cd5ddae0a..7cd7992aa95 100644 --- a/2006/7xxx/CVE-2006-7056.json +++ b/2006/7xxx/CVE-2006-7056.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. NOTE: the index.php vector is covered by CVE-2006-0791." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060605 [MajorSecurity #9]HostAdmin <= 3.1 - Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435993/30/4650/threaded" - }, - { - "name" : "http://www.majorsecurity.de/advisory/major_rls9.txt", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/advisory/major_rls9.txt" - }, - { - "name" : "18284", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18284" - }, - { - "name" : "18901", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18901" - }, - { - "name" : "2289", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2289" - }, - { - "name" : "hostadmin-path-file-include(24723)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24723" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. NOTE: the index.php vector is covered by CVE-2006-0791." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2289", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2289" + }, + { + "name": "http://www.majorsecurity.de/advisory/major_rls9.txt", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/advisory/major_rls9.txt" + }, + { + "name": "hostadmin-path-file-include(24723)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24723" + }, + { + "name": "20060605 [MajorSecurity #9]HostAdmin <= 3.1 - Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435993/30/4650/threaded" + }, + { + "name": "18901", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18901" + }, + { + "name": "18284", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18284" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0040.json b/2011/0xxx/CVE-2011-0040.json index a1146327d35..50353af3fce 100644 --- a/2011/0xxx/CVE-2011-0040.json +++ b/2011/0xxx/CVE-2011-0040.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka \"Active Directory SPN Validation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-005", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-005" - }, - { - "name" : "46145", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46145" - }, - { - "name" : "70825", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70825" - }, - { - "name" : "oval:org.mitre.oval:def:12485", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12485" - }, - { - "name" : "1025042", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025042" - }, - { - "name" : "43215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43215" - }, - { - "name" : "ADV-2011-0319", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0319" - }, - { - "name" : "ms-win-active-directory-dos(64915)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka \"Active Directory SPN Validation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-005", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-005" + }, + { + "name": "70825", + "refsource": "OSVDB", + "url": "http://osvdb.org/70825" + }, + { + "name": "ADV-2011-0319", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0319" + }, + { + "name": "1025042", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025042" + }, + { + "name": "43215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43215" + }, + { + "name": "ms-win-active-directory-dos(64915)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64915" + }, + { + "name": "46145", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46145" + }, + { + "name": "oval:org.mitre.oval:def:12485", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12485" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0239.json b/2011/0xxx/CVE-2011-0239.json index ee2a7503aa0..0744ddd777e 100644 --- a/2011/0xxx/CVE-2011-0239.json +++ b/2011/0xxx/CVE-2011-0239.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0239", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0239", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0557.json b/2011/0xxx/CVE-2011-0557.json index 635ce795a60..f9b1157022e 100644 --- a/2011/0xxx/CVE-2011-0557.json +++ b/2011/0xxx/CVE-2011-0557.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code via a Director movie with a large count value in 3D assets type 0xFFFFFF45 record, which triggers a \"faulty allocation\" and memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110208 ZDI-11-079: Adobe Shockwave Player 0xFFFFFF45 Record Count Element Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516323/100/0/threaded" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html" - }, - { - "name" : "46330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46330" - }, - { - "name" : "1025056", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025056" - }, - { - "name" : "ADV-2011-0335", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0335" - }, - { - "name" : "shockwave-overflow-code-exec(65259)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code via a Director movie with a large count value in 3D assets type 0xFFFFFF45 record, which triggers a \"faulty allocation\" and memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "shockwave-overflow-code-exec(65259)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65259" + }, + { + "name": "ADV-2011-0335", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0335" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html" + }, + { + "name": "1025056", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025056" + }, + { + "name": "46330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46330" + }, + { + "name": "20110208 ZDI-11-079: Adobe Shockwave Player 0xFFFFFF45 Record Count Element Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516323/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0744.json b/2011/0xxx/CVE-2011-0744.json index 96f53e86b7b..32d672acf7b 100644 --- a/2011/0xxx/CVE-2011-0744.json +++ b/2011/0xxx/CVE-2011-0744.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0744", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0744", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0759.json b/2011/0xxx/CVE-2011-0759.json index d3ded24e731..3cb54a7df7a 100644 --- a/2011/0xxx/CVE-2011-0759.json +++ b/2011/0xxx/CVE-2011-0759.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page in the Recaptcha (aka WP-reCAPTCHA) plugin 2.9.8.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting (XSS) sequences via the (1) recaptcha_opt_pubkey, (2) recaptcha_opt_privkey, (3) re_tabindex, (4) error_blank, (5) error_incorrect, (6) mailhide_pub, (7) mailhide_priv, (8) mh_replace_link, or (9) mh_replace_title parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110317 Recaptcha Word Press Plugin Cross Site Scripting Vulnerability - CVE-2011-0759", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-03/0206.html" - }, - { - "name" : "46909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46909" - }, - { - "name" : "43771", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43771" - }, - { - "name" : "recaptcha-wordpress-csrf(66167)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66167" - }, - { - "name" : "recaptcha-wordpress-multiple-xss(66169)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page in the Recaptcha (aka WP-reCAPTCHA) plugin 2.9.8.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting (XSS) sequences via the (1) recaptcha_opt_pubkey, (2) recaptcha_opt_privkey, (3) re_tabindex, (4) error_blank, (5) error_incorrect, (6) mailhide_pub, (7) mailhide_priv, (8) mh_replace_link, or (9) mh_replace_title parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "recaptcha-wordpress-csrf(66167)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66167" + }, + { + "name": "46909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46909" + }, + { + "name": "43771", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43771" + }, + { + "name": "20110317 Recaptcha Word Press Plugin Cross Site Scripting Vulnerability - CVE-2011-0759", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-03/0206.html" + }, + { + "name": "recaptcha-wordpress-multiple-xss(66169)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66169" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1015.json b/2011/1xxx/CVE-2011-1015.json index e9e5af46fbb..0907609b2c7 100644 --- a/2011/1xxx/CVE-2011-1015.json +++ b/2011/1xxx/CVE-2011-1015.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110223 CVE request: Information disclosure in CGIHTTPServer from Python", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/23/27" - }, - { - "name" : "[oss-security] 20110224 Re: CVE request: Information disclosure in CGIHTTPServer from Python", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/24/10" - }, - { - "name" : "http://bugs.python.org/issue2254", - "refsource" : "CONFIRM", - "url" : "http://bugs.python.org/issue2254" - }, - { - "name" : "http://hg.python.org/cpython/rev/c6c4398293bd/", - "refsource" : "CONFIRM", - "url" : "http://hg.python.org/cpython/rev/c6c4398293bd/" - }, - { - "name" : "http://svn.python.org/view?view=revision&revision=71303", - "refsource" : "CONFIRM", - "url" : "http://svn.python.org/view?view=revision&revision=71303" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=680094", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=680094" - }, - { - "name" : "MDVSA-2011:096", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:096" - }, - { - "name" : "USN-1596-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1596-1" - }, - { - "name" : "USN-1613-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1613-2" - }, - { - "name" : "USN-1613-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1613-1" - }, - { - "name" : "46541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46541" - }, - { - "name" : "1025489", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025489" - }, - { - "name" : "50858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50858" - }, - { - "name" : "51024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51024" - }, - { - "name" : "51040", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.python.org/view?view=revision&revision=71303", + "refsource": "CONFIRM", + "url": "http://svn.python.org/view?view=revision&revision=71303" + }, + { + "name": "MDVSA-2011:096", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:096" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=680094", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680094" + }, + { + "name": "http://bugs.python.org/issue2254", + "refsource": "CONFIRM", + "url": "http://bugs.python.org/issue2254" + }, + { + "name": "[oss-security] 20110224 Re: CVE request: Information disclosure in CGIHTTPServer from Python", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/24/10" + }, + { + "name": "51040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51040" + }, + { + "name": "50858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50858" + }, + { + "name": "[oss-security] 20110223 CVE request: Information disclosure in CGIHTTPServer from Python", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/23/27" + }, + { + "name": "1025489", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025489" + }, + { + "name": "USN-1596-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1596-1" + }, + { + "name": "http://hg.python.org/cpython/rev/c6c4398293bd/", + "refsource": "CONFIRM", + "url": "http://hg.python.org/cpython/rev/c6c4398293bd/" + }, + { + "name": "USN-1613-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1613-2" + }, + { + "name": "51024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51024" + }, + { + "name": "USN-1613-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1613-1" + }, + { + "name": "46541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46541" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1294.json b/2011/1xxx/CVE-2011-1294.json index e7b6a173c4f..cece76979ad 100644 --- a/2011/1xxx/CVE-2011-1294.json +++ b/2011/1xxx/CVE-2011-1294.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=74562", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=74562" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html" - }, - { - "name" : "47029", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47029" - }, - { - "name" : "oval:org.mitre.oval:def:14376", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14376" - }, - { - "name" : "43859", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43859" - }, - { - "name" : "ADV-2011-0765", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0765" - }, - { - "name" : "google-chrome-stale-code-exec(66301)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0765", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0765" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=74562", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=74562" + }, + { + "name": "oval:org.mitre.oval:def:14376", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14376" + }, + { + "name": "google-chrome-stale-code-exec(66301)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66301" + }, + { + "name": "43859", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43859" + }, + { + "name": "47029", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47029" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1711.json b/2011/1xxx/CVE-2011-1711.json index 899494d6a91..a141f2256f1 100644 --- a/2011/1xxx/CVE-2011-1711.json +++ b/2011/1xxx/CVE-2011-1711.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7008690", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7008690" - }, - { - "name" : "48117", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48117" - }, - { - "name" : "72759", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72759" - }, - { - "name" : "1025608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025608" - }, - { - "name" : "44864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44864" - }, - { - "name" : "novell-mobility-pack-unauth-access(67840)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other users via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "novell-mobility-pack-unauth-access(67840)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67840" + }, + { + "name": "48117", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48117" + }, + { + "name": "1025608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025608" + }, + { + "name": "72759", + "refsource": "OSVDB", + "url": "http://osvdb.org/72759" + }, + { + "name": "44864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44864" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7008690", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7008690" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3082.json b/2011/3xxx/CVE-2011-3082.json index 2fb9c13049a..d839cd12acc 100644 --- a/2011/3xxx/CVE-2011-3082.json +++ b/2011/3xxx/CVE-2011-3082.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3082", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3082", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3839.json b/2011/3xxx/CVE-2011-3839.json index fbf28a0e1e3..c99c0bf90af 100644 --- a/2011/3xxx/CVE-2011-3839.json +++ b/2011/3xxx/CVE-2011-3839.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2011-3839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2011-89/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2011-89/" - }, - { - "name" : "77913", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77913" - }, - { - "name" : "46163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46163" - }, - { - "name" : "wuzly-cookie-security-bypass(71905)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "77913", + "refsource": "OSVDB", + "url": "http://osvdb.org/77913" + }, + { + "name": "wuzly-cookie-security-bypass(71905)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71905" + }, + { + "name": "http://secunia.com/secunia_research/2011-89/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2011-89/" + }, + { + "name": "46163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46163" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4057.json b/2011/4xxx/CVE-2011-4057.json index f1297da34f6..97579b6e641 100644 --- a/2011/4xxx/CVE-2011-4057.json +++ b/2011/4xxx/CVE-2011-4057.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-8MYNFL", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-8MYNFL" - }, - { - "name" : "VU#659515", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/659515" - }, - { - "name" : "JVN#78901873", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN78901873/index.html" - }, - { - "name" : "JVNDB-2012-000003", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000003.html" - }, - { - "name" : "51382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51382" - }, - { - "name" : "78223", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78223" - }, - { - "name" : "47497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78223", + "refsource": "OSVDB", + "url": "http://osvdb.org/78223" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-8MYNFL", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MAPG-8MYNFL" + }, + { + "name": "51382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51382" + }, + { + "name": "VU#659515", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/659515" + }, + { + "name": "JVN#78901873", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN78901873/index.html" + }, + { + "name": "JVNDB-2012-000003", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000003.html" + }, + { + "name": "47497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47497" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4486.json b/2011/4xxx/CVE-2011-4486.json index dd5125e88da..7c06527462b 100644 --- a/2011/4xxx/CVE-2011-4486.json +++ b/2011/4xxx/CVE-2011-4486.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-4486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120229 Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120229 Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4602.json b/2011/4xxx/CVE-2011-4602.json index 747990fce91..fc24a6a7756 100644 --- a/2011/4xxx/CVE-2011-4602.json +++ b/2011/4xxx/CVE-2011-4602.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6", - "refsource" : "CONFIRM", - "url" : "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6" - }, - { - "name" : "http://pidgin.im/news/security/?id=58", - "refsource" : "CONFIRM", - "url" : "http://pidgin.im/news/security/?id=58" - }, - { - "name" : "RHSA-2011:1820", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1820.html" - }, - { - "name" : "RHSA-2011:1821", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1821.html" - }, - { - "name" : "openSUSE-SU-2012:0066", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/13195955" - }, - { - "name" : "oval:org.mitre.oval:def:18420", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420" - }, - { - "name" : "47219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47219" - }, - { - "name" : "47234", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:1820", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1820.html" + }, + { + "name": "openSUSE-SU-2012:0066", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/13195955" + }, + { + "name": "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6", + "refsource": "CONFIRM", + "url": "http://developer.pidgin.im/viewmtn/revision/info/fb216fc88b085afc06d9a15209519cde1f4df6c6" + }, + { + "name": "oval:org.mitre.oval:def:18420", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420" + }, + { + "name": "http://pidgin.im/news/security/?id=58", + "refsource": "CONFIRM", + "url": "http://pidgin.im/news/security/?id=58" + }, + { + "name": "47219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47219" + }, + { + "name": "RHSA-2011:1821", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1821.html" + }, + { + "name": "47234", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47234" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4604.json b/2011/4xxx/CVE-2011-4604.json index 764f46caa8a..81edbeba2ce 100644 --- a/2011/4xxx/CVE-2011-4604.json +++ b/2011/4xxx/CVE-2011-4604.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bat_socket_read function in net/batman-adv/icmp_socket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted batman-adv ICMP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[b.a.t.m.a.n] 20111210 bat_socket_read missing checks", - "refsource" : "MLIST", - "url" : "https://lists.open-mesh.org/pipermail/b.a.t.m.a.n/2011-December/005904.html" - }, - { - "name" : "[oss-security] 20111211 Fwd: Re: cve request: bat_socket_read memory corruption", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/12/12/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=767495", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=767495" - }, - { - "name" : "https://github.com/torvalds/linux/commit/b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c" - }, - { - "name" : "openSUSE-SU-2013:0925", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bat_socket_read function in net/batman-adv/icmp_socket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted batman-adv ICMP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111211 Fwd: Re: cve request: bat_socket_read memory corruption", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/12/12/1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=767495", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=767495" + }, + { + "name": "[b.a.t.m.a.n] 20111210 bat_socket_read missing checks", + "refsource": "MLIST", + "url": "https://lists.open-mesh.org/pipermail/b.a.t.m.a.n/2011-December/005904.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2" + }, + { + "name": "openSUSE-SU-2013:0925", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/b5a1eeef04cc7859f34dec9b72ea1b28e4aba07c" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4943.json b/2011/4xxx/CVE-2011-4943.json index 55ef3e871ac..660df24f456 100644 --- a/2011/4xxx/CVE-2011-4943.json +++ b/2011/4xxx/CVE-2011-4943.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4943", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4943", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4972.json b/2011/4xxx/CVE-2011-4972.json index 15a8333207a..883e889e499 100644 --- a/2011/4xxx/CVE-2011-4972.json +++ b/2011/4xxx/CVE-2011-4972.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4972", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4972", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5869.json b/2013/5xxx/CVE-2013-5869.json index 5fc7e565218..62f22179079 100644 --- a/2013/5xxx/CVE-2013-5869.json +++ b/2013/5xxx/CVE-2013-5869.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Page Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64835", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64835" - }, - { - "name" : "102092", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102092" - }, - { - "name" : "1029613", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029613" - }, - { - "name" : "56467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Page Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64835", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64835" + }, + { + "name": "1029613", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029613" + }, + { + "name": "56467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56467" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "102092", + "refsource": "OSVDB", + "url": "http://osvdb.org/102092" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2228.json b/2014/2xxx/CVE-2014-2228.json index b7bdbfce693..82c54a5f98f 100644 --- a/2014/2xxx/CVE-2014-2228.json +++ b/2014/2xxx/CVE-2014-2228.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2228", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2228", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2733.json b/2014/2xxx/CVE-2014-2733.json index e31e0873ec9..097eed57d4c 100644 --- a/2014/2xxx/CVE-2014-2733.json +++ b/2014/2xxx/CVE-2014-2733.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01" - }, - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6394.json b/2014/6xxx/CVE-2014-6394.json index e9750d68b54..16ad0839370 100644 --- a/2014/6xxx/CVE-2014-6394.json +++ b/2014/6xxx/CVE-2014-6394.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using \"public-restricted\" under a \"public\" directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140924 CVE request: various NodeJS module vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/24/1" - }, - { - "name" : "[oss-security] 20140924 Re: CVE request: various NodeJS module vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/30/10" - }, - { - "name" : "https://github.com/visionmedia/send/pull/59", - "refsource" : "MISC", - "url" : "https://github.com/visionmedia/send/pull/59" - }, - { - "name" : "https://nodesecurity.io/advisories/send-directory-traversal", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/send-directory-traversal" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1146063", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1146063" - }, - { - "name" : "https://github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9a", - "refsource" : "CONFIRM", - "url" : "https://github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9a" - }, - { - "name" : "https://support.apple.com/HT205217", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205217" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687263", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687263" - }, - { - "name" : "APPLE-SA-2015-09-16-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" - }, - { - "name" : "FEDORA-2014-11289", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139415.html" - }, - { - "name" : "FEDORA-2014-11421", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140020.html" - }, - { - "name" : "FEDORA-2014-11495", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139938.html" - }, - { - "name" : "70100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70100" - }, - { - "name" : "62170", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62170" - }, - { - "name" : "nodejs-cve20146394-dir-traversal(96727)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using \"public-restricted\" under a \"public\" directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62170", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62170" + }, + { + "name": "[oss-security] 20140924 Re: CVE request: various NodeJS module vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/30/10" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1146063", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1146063" + }, + { + "name": "https://nodesecurity.io/advisories/send-directory-traversal", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/send-directory-traversal" + }, + { + "name": "https://github.com/visionmedia/send/pull/59", + "refsource": "MISC", + "url": "https://github.com/visionmedia/send/pull/59" + }, + { + "name": "https://support.apple.com/HT205217", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205217" + }, + { + "name": "https://github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9a", + "refsource": "CONFIRM", + "url": "https://github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9a" + }, + { + "name": "APPLE-SA-2015-09-16-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" + }, + { + "name": "FEDORA-2014-11495", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139938.html" + }, + { + "name": "FEDORA-2014-11421", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140020.html" + }, + { + "name": "70100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70100" + }, + { + "name": "nodejs-cve20146394-dir-traversal(96727)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96727" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21687263", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687263" + }, + { + "name": "FEDORA-2014-11289", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139415.html" + }, + { + "name": "[oss-security] 20140924 CVE request: various NodeJS module vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/24/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7099.json b/2014/7xxx/CVE-2014-7099.json index afcf01fd2a9..45019d05805 100644 --- a/2014/7xxx/CVE-2014-7099.json +++ b/2014/7xxx/CVE-2014-7099.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Woodcraft Magazine (aka com.magzter.woodcraftmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#752073", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/752073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Woodcraft Magazine (aka com.magzter.woodcraftmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#752073", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/752073" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7433.json b/2014/7xxx/CVE-2014-7433.json index d9a566da5a3..fadaa0134a7 100644 --- a/2014/7xxx/CVE-2014-7433.json +++ b/2014/7xxx/CVE-2014-7433.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Student ID (aka com.computas.studentbevis) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#702353", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/702353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Student ID (aka com.computas.studentbevis) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#702353", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/702353" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7490.json b/2014/7xxx/CVE-2014-7490.json index dd69ce89901..44c15f8cfa6 100644 --- a/2014/7xxx/CVE-2014-7490.json +++ b/2014/7xxx/CVE-2014-7490.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Menaka - Marathi (aka com.magzter.menakamarathi) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#876681", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/876681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Menaka - Marathi (aka com.magzter.menakamarathi) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#876681", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/876681" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7635.json b/2014/7xxx/CVE-2014-7635.json index 4c7aeae158f..6ef849c04d3 100644 --- a/2014/7xxx/CVE-2014-7635.json +++ b/2014/7xxx/CVE-2014-7635.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7635", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7635", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0297.json b/2017/0xxx/CVE-2017-0297.json index ff45c846aa8..375fa46ed5e 100644 --- a/2017/0xxx/CVE-2017-0297.json +++ b/2017/0xxx/CVE-2017-0297.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, CVE-2017-0300." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0297", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0297" - }, - { - "name" : "98840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98840" - }, - { - "name" : "1038671", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, CVE-2017-0300." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98840" + }, + { + "name": "1038671", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038671" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0297", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0297" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0359.json b/2017/0xxx/CVE-2017-0359.json index 7853b97ffe7..08d00cb52ba 100644 --- a/2017/0xxx/CVE-2017-0359.json +++ b/2017/0xxx/CVE-2017-0359.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "DATE_PUBLIC" : "2017-02-09T21:14:00.000Z", - "ID" : "CVE-2017-0359", - "STATE" : "PUBLIC", - "TITLE" : "diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "diffoscope", - "version" : { - "version_data" : [ - { - "version_value" : "before 77" - } - ] - } - } - ] - }, - "vendor_name" : "Debian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "writes to arbitrary locations" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "DATE_PUBLIC": "2017-02-09T21:14:00.000Z", + "ID": "CVE-2017-0359", + "STATE": "PUBLIC", + "TITLE": "diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "diffoscope", + "version": { + "version_data": [ + { + "version_value": "before 77" + } + ] + } + } + ] + }, + "vendor_name": "Debian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/854723", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/854723" - }, - { - "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0359", - "refsource" : "CONFIRM", - "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0359" - } - ] - }, - "source" : { - "advisory" : "https://bugs.debian.org/854723", - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "writes to arbitrary locations" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/854723", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/854723" + }, + { + "name": "https://security-tracker.debian.org/tracker/CVE-2017-0359", + "refsource": "CONFIRM", + "url": "https://security-tracker.debian.org/tracker/CVE-2017-0359" + } + ] + }, + "source": { + "advisory": "https://bugs.debian.org/854723", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0360.json b/2017/0xxx/CVE-2017-0360.json index 32b0d962cef..ae06c0e995a 100644 --- a/2017/0xxx/CVE-2017-0360.json +++ b/2017/0xxx/CVE-2017-0360.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "ID" : "CVE-2017-0360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "tryton-server before 3.4.0-3+deb8u3", - "version" : { - "version_data" : [ - { - "version_value" : "tryton-server before 3.4.0-3+deb8u3" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2017-0360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tryton-server before 3.4.0-3+deb8u3", + "version": { + "version_data": [ + { + "version_value": "tryton-server before 3.4.0-3+deb8u3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8", - "refsource" : "CONFIRM", - "url" : "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8" - }, - { - "name" : "https://lists.debian.org/debian-security-announce/2017/msg00084.html", - "refsource" : "CONFIRM", - "url" : "https://lists.debian.org/debian-security-announce/2017/msg00084.html" - }, - { - "name" : "DSA-3826", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3826" - }, - { - "name" : "97489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3826", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3826" + }, + { + "name": "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8", + "refsource": "CONFIRM", + "url": "http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8" + }, + { + "name": "https://lists.debian.org/debian-security-announce/2017/msg00084.html", + "refsource": "CONFIRM", + "url": "https://lists.debian.org/debian-security-announce/2017/msg00084.html" + }, + { + "name": "97489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97489" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0577.json b/2017/0xxx/CVE-2017-0577.json index 6d35053060e..1cfbd744b65 100644 --- a/2017/0xxx/CVE-2017-0577.json +++ b/2017/0xxx/CVE-2017-0577.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97348", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97348" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33842951." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97348", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97348" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0596.json b/2017/0xxx/CVE-2017-0596.json index 8c74eff54e1..1f483bdc23e 100644 --- a/2017/0xxx/CVE-2017-0596.json +++ b/2017/0xxx/CVE-2017-0596.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "4.4.4" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "4.4.4" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98130" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0626.json b/2017/0xxx/CVE-2017-0626.json index 53122cd8029..53df73996a2 100644 --- a/2017/0xxx/CVE-2017-0626.json +++ b/2017/0xxx/CVE-2017-0626.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98202", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98202", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98202" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0642.json b/2017/0xxx/CVE-2017-0642.json index cb995c9df19..625171c35e7 100644 --- a/2017/0xxx/CVE-2017-0642.json +++ b/2017/0xxx/CVE-2017-0642.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-07-05T00:00:00", - "ID" : "CVE-2017-0642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-5.0.2 Android-5.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34819017." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-07-05T00:00:00", + "ID": "CVE-2017-0642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-5.0.2 Android-5.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "98868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98868" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34819017." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "98868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98868" + }, + { + "name": "https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000432.json b/2017/1000xxx/CVE-2017-1000432.json index 73d0c11b964..87459d60361 100644 --- a/2017/1000xxx/CVE-2017-1000432.json +++ b/2017/1000xxx/CVE-2017-1000432.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000432", - "REQUESTER" : "anandkmr27@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "vanilla forums", - "version" : { - "version_data" : [ - { - "version_value" : "2" - } - ] - } - } - ] - }, - "vendor_name" : "vanilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000432", + "REQUESTER": "anandkmr27@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43462", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43462/" - }, - { - "name" : "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14", - "refsource" : "CONFIRM", - "url" : "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43462", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43462/" + }, + { + "name": "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14", + "refsource": "CONFIRM", + "url": "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000442.json b/2017/1000xxx/CVE-2017-1000442.json index 8e15061bad8..251bd3d45ac 100644 --- a/2017/1000xxx/CVE-2017-1000442.json +++ b/2017/1000xxx/CVE-2017-1000442.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000442", - "REQUESTER" : "security@passbolt.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "passbolt", - "version" : { - "version_data" : [ - { - "version_value" : "1.6.4 and older" - } - ] - } - } - ] - }, - "vendor_name" : "passbolt" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000442", + "REQUESTER": "security@passbolt.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.passbolt.com/incidents/20170914_xss_on_resource_urls", - "refsource" : "CONFIRM", - "url" : "https://www.passbolt.com/incidents/20170914_xss_on_resource_urls" - }, - { - "name" : "https://www.passbolt.com/release/notes#September", - "refsource" : "CONFIRM", - "url" : "https://www.passbolt.com/release/notes#September" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.passbolt.com/incidents/20170914_xss_on_resource_urls", + "refsource": "CONFIRM", + "url": "https://www.passbolt.com/incidents/20170914_xss_on_resource_urls" + }, + { + "name": "https://www.passbolt.com/release/notes#September", + "refsource": "CONFIRM", + "url": "https://www.passbolt.com/release/notes#September" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18048.json b/2017/18xxx/CVE-2017-18048.json index 18ffda19ce1..3e439af384c 100644 --- a/2017/18xxx/CVE-2017-18048.json +++ b/2017/18xxx/CVE-2017-18048.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43348", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43348/" - }, - { - "name" : "https://blogs.securiteam.com/index.php/archives/3559", - "refsource" : "MISC", - "url" : "https://blogs.securiteam.com/index.php/archives/3559" - }, - { - "name" : "https://github.com/monstra-cms/monstra/issues/426", - "refsource" : "MISC", - "url" : "https://github.com/monstra-cms/monstra/issues/426" - }, - { - "name" : "https://securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.html", - "refsource" : "MISC", - "url" : "https://securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/monstra-cms/monstra/issues/426", + "refsource": "MISC", + "url": "https://github.com/monstra-cms/monstra/issues/426" + }, + { + "name": "43348", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43348/" + }, + { + "name": "https://securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.html", + "refsource": "MISC", + "url": "https://securityprince.blogspot.in/2017/12/monstra-cms-304-arbitrary-file-upload.html" + }, + { + "name": "https://blogs.securiteam.com/index.php/archives/3559", + "refsource": "MISC", + "url": "https://blogs.securiteam.com/index.php/archives/3559" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1676.json b/2017/1xxx/CVE-2017-1676.json index 7e90767d4e9..ea268ace10a 100644 --- a/2017/1xxx/CVE-2017-1676.json +++ b/2017/1xxx/CVE-2017-1676.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1676", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1676", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1934.json b/2017/1xxx/CVE-2017-1934.json index ea720419a1b..2e337257502 100644 --- a/2017/1xxx/CVE-2017-1934.json +++ b/2017/1xxx/CVE-2017-1934.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1934", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1934", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5317.json b/2017/5xxx/CVE-2017-5317.json index b168a17e85a..0bf8de8774d 100644 --- a/2017/5xxx/CVE-2017-5317.json +++ b/2017/5xxx/CVE-2017-5317.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5317", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5317", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5482.json b/2017/5xxx/CVE-2017-5482.json index 423732baf71..825efe47d88 100644 --- a/2017/5xxx/CVE-2017-5482.json +++ b/2017/5xxx/CVE-2017-5482.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file