From 2d1015c0f4105c89c81e0ee6710dbc063bad2479 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 03:13:09 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0091.json | 150 ++++++++-------- 2006/0xxx/CVE-2006-0425.json | 170 +++++++++--------- 2006/3xxx/CVE-2006-3137.json | 150 ++++++++-------- 2006/3xxx/CVE-2006-3187.json | 160 ++++++++--------- 2006/3xxx/CVE-2006-3441.json | 260 +++++++++++++-------------- 2006/4xxx/CVE-2006-4485.json | 230 ++++++++++++------------ 2006/4xxx/CVE-2006-4652.json | 150 ++++++++-------- 2006/4xxx/CVE-2006-4973.json | 170 +++++++++--------- 2006/6xxx/CVE-2006-6531.json | 150 ++++++++-------- 2006/6xxx/CVE-2006-6995.json | 140 +++++++-------- 2006/7xxx/CVE-2006-7159.json | 150 ++++++++-------- 2010/2xxx/CVE-2010-2438.json | 130 +++++++------- 2010/2xxx/CVE-2010-2481.json | 230 ++++++++++++------------ 2010/2xxx/CVE-2010-2608.json | 34 ++-- 2010/2xxx/CVE-2010-2888.json | 140 +++++++-------- 2011/0xxx/CVE-2011-0071.json | 200 ++++++++++----------- 2011/0xxx/CVE-2011-0224.json | 150 ++++++++-------- 2011/0xxx/CVE-2011-0593.json | 200 ++++++++++----------- 2011/0xxx/CVE-2011-0644.json | 160 ++++++++--------- 2011/0xxx/CVE-2011-0807.json | 130 +++++++------- 2011/1xxx/CVE-2011-1004.json | 270 ++++++++++++++-------------- 2011/1xxx/CVE-2011-1128.json | 150 ++++++++-------- 2011/1xxx/CVE-2011-1381.json | 120 ++++++------- 2011/1xxx/CVE-2011-1834.json | 150 ++++++++-------- 2011/1xxx/CVE-2011-1959.json | 310 ++++++++++++++++----------------- 2011/5xxx/CVE-2011-5297.json | 120 ++++++------- 2014/3xxx/CVE-2014-3104.json | 130 +++++++------- 2014/3xxx/CVE-2014-3194.json | 150 ++++++++-------- 2014/3xxx/CVE-2014-3280.json | 160 ++++++++--------- 2014/3xxx/CVE-2014-3409.json | 170 +++++++++--------- 2014/3xxx/CVE-2014-3640.json | 200 ++++++++++----------- 2014/6xxx/CVE-2014-6000.json | 140 +++++++-------- 2014/6xxx/CVE-2014-6113.json | 130 +++++++------- 2014/6xxx/CVE-2014-6205.json | 34 ++-- 2014/6xxx/CVE-2014-6482.json | 150 ++++++++-------- 2014/6xxx/CVE-2014-6859.json | 140 
+++++++-------- 2014/7xxx/CVE-2014-7105.json | 34 ++-- 2014/7xxx/CVE-2014-7211.json | 34 ++-- 2014/7xxx/CVE-2014-7558.json | 140 +++++++-------- 2014/7xxx/CVE-2014-7785.json | 140 +++++++-------- 2014/7xxx/CVE-2014-7812.json | 140 +++++++-------- 2014/7xxx/CVE-2014-7940.json | 280 ++++++++++++++--------------- 2014/8xxx/CVE-2014-8233.json | 34 ++-- 2016/2xxx/CVE-2016-2349.json | 140 +++++++-------- 2016/2xxx/CVE-2016-2478.json | 130 +++++++------- 2016/2xxx/CVE-2016-2508.json | 140 +++++++-------- 2016/2xxx/CVE-2016-2641.json | 34 ++-- 2016/2xxx/CVE-2016-2690.json | 34 ++-- 2017/18xxx/CVE-2017-18279.json | 34 ++-- 2017/1xxx/CVE-2017-1011.json | 34 ++-- 2017/1xxx/CVE-2017-1218.json | 158 ++++++++--------- 2017/5xxx/CVE-2017-5130.json | 190 ++++++++++---------- 2017/5xxx/CVE-2017-5338.json | 34 ++-- 2017/5xxx/CVE-2017-5358.json | 160 ++++++++--------- 2017/5xxx/CVE-2017-5428.json | 184 +++++++++---------- 55 files changed, 3926 insertions(+), 3926 deletions(-) diff --git a/2006/0xxx/CVE-2006-0091.json b/2006/0xxx/CVE-2006-0091.json index 54fd5121a78..db01d9a9ebc 100644 --- a/2006/0xxx/CVE-2006-0091.json +++ b/2006/0xxx/CVE-2006-0091.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with \"Inline HTML\" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060103 Open Xchange XSS", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=113629092325679&w=2" - }, - { - "name" : "ADV-2006-0034", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0034" - }, - { - "name" : "1015431", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015431" - }, - { - "name" : "18285", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in webmail in 
Open-Xchange 0.8.1-6 and earlier, with \"Inline HTML\" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060103 Open Xchange XSS", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=113629092325679&w=2" + }, + { + "name": "1015431", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015431" + }, + { + "name": "18285", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18285" + }, + { + "name": "ADV-2006-0034", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0034" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0425.json b/2006/0xxx/CVE-2006-0425.json index 0b0c4d06142..61b90b4f51c 100644 --- a/2006/0xxx/CVE-2006-0425.json +++ b/2006/0xxx/CVE-2006-0425.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA06-112.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/169" - }, - { - "name" : "16358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16358" - }, - { - "name" : "ADV-2006-0312", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0312" - }, - { - "name" : "1015528", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015528" - }, - { - "name" : "18593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18593" - }, - { - "name" : "weblogic-deployment-descriptor-disclosure(24297)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18593" + }, + { + "name": "weblogic-deployment-descriptor-disclosure(24297)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24297" + }, + { + "name": "ADV-2006-0312", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0312" + }, + { + "name": "1015528", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015528" + }, + { + "name": "BEA06-112.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/169" + }, + { + "name": "16358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16358" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3137.json b/2006/3xxx/CVE-2006-3137.json index e131ce83cc1..e2b43590a0a 100644 --- a/2006/3xxx/CVE-2006-3137.json +++ b/2006/3xxx/CVE-2006-3137.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/edge-ecommerce-shop-xss.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/edge-ecommerce-shop-xss.html" - }, - { - "name" : "18528", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18528" - }, - { - "name" : "ADV-2006-2425", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2425" - }, - { - "name" : "edgeecommerce-productdetail-xss(27204)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/06/edge-ecommerce-shop-xss.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/edge-ecommerce-shop-xss.html" + }, + { + "name": "edgeecommerce-productdetail-xss(27204)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27204" + }, + { + "name": "ADV-2006-2425", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2425" + }, + { + "name": "18528", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18528" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3187.json b/2006/3xxx/CVE-2006-3187.json index 819510f75c4..25013be3f57 100644 --- a/2006/3xxx/CVE-2006-3187.json +++ b/2006/3xxx/CVE-2006-3187.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: it is possible that this is resultant from SQL injection or a forced SQL error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/sharky-e-shop-xss.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/sharky-e-shop-xss.html" - }, - { - "name" : "18530", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18530" - }, - { - "name" : "18532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18532" - }, - { - "name" : "ADV-2006-2426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2426" - }, - { - "name" : "sharky-meny2-searchprodlist-xss(27207)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27207" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: it is possible that this is resultant from SQL injection or a forced SQL error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18532" + }, + { + "name": "18530", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18530" + }, + { + "name": "sharky-meny2-searchprodlist-xss(27207)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27207" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/sharky-e-shop-xss.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/sharky-e-shop-xss.html" + }, + { + "name": "ADV-2006-2426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2426" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3441.json b/2006/3xxx/CVE-2006-3441.json index ef36cff3ee8..db511805bfa 100644 --- a/2006/3xxx/CVE-2006-3441.json +++ b/2006/3xxx/CVE-2006-3441.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-3441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060808 Microsoft DNS Client Character String Buffer Overflow Vulnerability", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/xforce/alerts/id/233" - }, - { - "name" : "20060808 Microsoft DNS Client ATMA Buffer Overflow Vulnerability", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/xforce/alerts/id/234" - }, - { - "name" : "20060808 Microsoft DNS Client Integer Overflow Vulnerability", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/xforce/alerts/id/235" - }, - { - "name" : "MS06-041", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-041" - }, - { - "name" : "TA06-220A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" - }, - { - "name" : "VU#794580", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/794580" - }, - { - "name" : "19404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19404" - }, - { - "name" : "ADV-2006-3211", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3211" - }, - { - "name" : "27844", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27844" - }, - { - "name" : "oval:org.mitre.oval:def:723", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A723" - }, - { - "name" : "1016653", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1016653" - }, - { - "name" : "21394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21394" - }, - { - "name" : "dns-data-string-bo(28240)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28240" - }, - { - "name" : "dns-rrdatalen-underflow(24586)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24586" - }, - { - "name" : "win-dns-client-bo(28013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS06-041", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-041" + }, + { + "name": "1016653", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016653" + }, + { + "name": "win-dns-client-bo(28013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28013" + }, + { + "name": "20060808 Microsoft DNS Client Character String Buffer Overflow Vulnerability", + "refsource": "ISS", + "url": "http://xforce.iss.net/xforce/alerts/id/233" + }, + { + "name": "20060808 Microsoft DNS Client Integer Overflow Vulnerability", + "refsource": "ISS", + "url": "http://xforce.iss.net/xforce/alerts/id/235" + }, + { + "name": "dns-data-string-bo(28240)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28240" + }, + { + "name": "ADV-2006-3211", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3211" + }, + { + "name": "VU#794580", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/794580" + }, + { + "name": "21394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21394" + }, + { + "name": "oval:org.mitre.oval:def:723", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A723" + }, + { + "name": "27844", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27844" + }, + { + "name": "TA06-220A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" + }, + { + "name": "19404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19404" + }, + { + "name": "20060808 Microsoft DNS Client ATMA Buffer Overflow Vulnerability", + "refsource": "ISS", + "url": 
"http://xforce.iss.net/xforce/alerts/id/234" + }, + { + "name": "dns-rrdatalen-underflow(24586)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24586" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4485.json b/2006/4xxx/CVE-2006-4485.json index db21c5ce3e9..5fc12743c46 100644 --- a/2006/4xxx/CVE-2006-4485.json +++ b/2006/4xxx/CVE-2006-4485.json 
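Review bot: The `ASSIGNER` field of CVE-2006-3441 changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, and it appears to be the only change of substance here; the rest is key spacing, indentation and a reordering of the same `reference_data` entries. The commit subject "-Synchronized-Data." does not mention it, so anyone auditing the provenance of this record cannot tell from the history whether the reassignment was intended. Attribution changes should either land separately from formatting-only syncs or be named in the commit message, for example `CVE-2006-3441: ASSIGNER cve@mitre.org -> secure@microsoft.com`. The new side also ends without a trailing newline (`\ No newline at end of file`), here and in the other hunks shown, which is worth fixing in the generator.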
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.php.net/release_5_1_5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/release_5_1_5.php" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm" - }, - { - "name" : "MDKSA-2006:162", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:162" - }, - { - "name" : "RHSA-2006:0688", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0688.html" - }, - { - "name" : "USN-362-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-362-1" - }, - { - "name" : "19582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19582" - }, - { - "name" : "ADV-2006-3318", 
- "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3318" - }, - { - "name" : "1016984", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016984" - }, - { - "name" : "21546", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21546" - }, - { - "name" : "21842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21842" - }, - { - "name" : "22538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22538" - }, - { - "name" : "22331", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016984", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016984" + }, + { + "name": "http://www.php.net/release_5_1_5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/release_5_1_5.php" + }, + { + "name": "RHSA-2006:0688", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0688.html" + }, + { + "name": "USN-362-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-362-1" + }, + { + "name": "MDKSA-2006:162", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:162" + }, + { + "name": "19582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19582" + }, + { + "name": "22538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22538" + }, + { + "name": "21546", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21546" + }, + { + "name": 
"ADV-2006-3318", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3318" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-223.htm" + }, + { + "name": "22331", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22331" + }, + { + "name": "21842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21842" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4652.json b/2006/4xxx/CVE-2006-4652.json index da5120d7a42..a39cf9db100 100644 --- a/2006/4xxx/CVE-2006-4652.json +++ b/2006/4xxx/CVE-2006-4652.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "(1) Amazing Little Poll and (2) Amazing Little Picture Poll have a default password of \"dsapoll\", which allows remote attackers to create a new poll by entering default credentials via lp_admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060904 The Amazing Little Poll Admin Pwd", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445081/100/0/threaded" - }, - { - "name" : "19837", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19837" - }, - { - "name" : "1527", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1527" - }, - { - "name" : "alpoll-admin-auth-bypass(28737)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "(1) Amazing Little Poll and (2) Amazing Little 
Picture Poll have a default password of \"dsapoll\", which allows remote attackers to create a new poll by entering default credentials via lp_admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19837", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19837" + }, + { + "name": "20060904 The Amazing Little Poll Admin Pwd", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445081/100/0/threaded" + }, + { + "name": "1527", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1527" + }, + { + "name": "alpoll-admin-auth-bypass(28737)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28737" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4973.json b/2006/4xxx/CVE-2006-4973.json index 1f82f8f82e3..9927fd9802e 100644 --- a/2006/4xxx/CVE-2006-4973.json +++ b/2006/4xxx/CVE-2006-4973.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.secureshapes.com/advisories/vuln20-09-2006.htm", - "refsource" : "MISC", - "url" : "http://www.secureshapes.com/advisories/vuln20-09-2006.htm" - }, - { - "name" : "http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx" - }, - { - "name" : "20117", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20117" - }, - { - "name" : "ADV-2006-3734", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3734" - }, - { - "name" : "22051", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/22051" - }, - { - "name" : "dotnetnuke-default-xss(29048)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx", + "refsource": "CONFIRM", + "url": "http://www.dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletinno3/tabid/990/Default.aspx" + }, + { + "name": "22051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22051" + }, + { + "name": "ADV-2006-3734", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3734" + }, + { + "name": "dotnetnuke-default-xss(29048)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29048" + }, + { + "name": "http://www.secureshapes.com/advisories/vuln20-09-2006.htm", + "refsource": "MISC", + "url": "http://www.secureshapes.com/advisories/vuln20-09-2006.htm" + }, + { + "name": "20117", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20117" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6531.json b/2006/6xxx/CVE-2006-6531.json index 00c56867702..ac03476e343 100644 --- a/2006/6xxx/CVE-2006-6531.json +++ b/2006/6xxx/CVE-2006-6531.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/102605", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/102605" - }, - { - "name" : "ADV-2006-4941", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4941" - }, - { - "name" : "23295", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23295" - }, - { - "name" : "drupal-help-tip-xss(30807)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Help Tip module 
before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4941", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4941" + }, + { + "name": "23295", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23295" + }, + { + "name": "http://drupal.org/node/102605", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/102605" + }, + { + "name": "drupal-help-tip-xss(30807)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30807" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6995.json b/2006/6xxx/CVE-2006-6995.json index 54222ae010b..c0143f2d2ff 100644 --- a/2006/6xxx/CVE-2006-6995.json +++ b/2006/6xxx/CVE-2006-6995.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060617 V3Chat Instant Messenger - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437755/100/200/threaded" - }, - { - "name" : "18543", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18543" - }, - { - "name" : "ADV-2006-2474", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18543", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18543" + }, + { + "name": "20060617 V3Chat Instant Messenger - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded" + }, + { + "name": "ADV-2006-2474", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2474" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7159.json b/2006/7xxx/CVE-2006-7159.json index 73999473a0a..f4a01498cbe 100644 --- a/2006/7xxx/CVE-2006-7159.json +++ b/2006/7xxx/CVE-2006-7159.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via \"..\" sequences in the TORRENTSDIR parameter in a prune action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061006 Vulnerability in Btitracker", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447928/100/0/threaded" - }, - { - "name" : "20422", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20422" - }, - { - "name" : "22322", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22322" - }, - { - "name" : "2377", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in include/prune_torrents.php in 
BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via \"..\" sequences in the TORRENTSDIR parameter in a prune action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22322", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22322" + }, + { + "name": "2377", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2377" + }, + { + "name": "20422", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20422" + }, + { + "name": "20061006 Vulnerability in Btitracker", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447928/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2438.json b/2010/2xxx/CVE-2010-2438.json index b13e0843cac..d3127521a6b 100644 --- a/2010/2xxx/CVE-2010-2438.json +++ b/2010/2xxx/CVE-2010-2438.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13954", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13954" - }, - { - "name" : "gcmsgenerator-unspecified-sql-injection(59621)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gcmsgenerator-unspecified-sql-injection(59621)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59621" + }, + { + "name": "13954", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13954" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2481.json b/2010/2xxx/CVE-2010-2481.json index 5da5d38d112..9d9bfd8d7ae 100644 --- a/2010/2xxx/CVE-2010-2481.json +++ b/2010/2xxx/CVE-2010-2481.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100623 CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127731610612908&w=2" - }, - { - "name" : "[oss-security] 20100624 Re: CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127738540902757&w=2" - }, - { - "name" : "[oss-security] 20100624 Re: CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127736307002102&w=2" - }, - { - "name" : "[oss-security] 20100629 Re: CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127781315415896&w=2" - }, - { - "name" : "[oss-security] 
20100630 Re: CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/30/22" - }, - { - "name" : "[oss-security] 20100701 Re: CVE requests: LibTIFF", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127797353202873&w=2" - }, - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2210", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2210" - }, - { - "name" : "GLSA-201209-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-02.xml" - }, - { - "name" : "RHSA-2010:0519", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0519.html" - }, - { - "name" : "40527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40527" - }, - { - "name" : "50726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50726" - }, - { - "name" : "ADV-2010-1761", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127736307002102&w=2" + }, + { + "name": "40527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40527" + }, + { + "name": "[oss-security] 20100629 Re: CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127781315415896&w=2" + }, + { + "name": "[oss-security] 20100623 CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127731610612908&w=2" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2210", + "refsource": "CONFIRM", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2210" + }, + { + "name": "ADV-2010-1761", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1761" + }, + { + "name": "GLSA-201209-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-02.xml" + }, + { + "name": "RHSA-2010:0519", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html" + }, + { + "name": "[oss-security] 20100624 Re: CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127738540902757&w=2" + }, + { + "name": "[oss-security] 20100701 Re: CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127797353202873&w=2" + }, + { + "name": "[oss-security] 20100630 Re: CVE requests: LibTIFF", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/30/22" + }, + { + "name": "50726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50726" + } + ] + } +} \ No newline at end of file 
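Review bot: `"ASSIGNER": "cve@mitre.org"` becomes `"ASSIGNER": "secalert@redhat.com"` in this hunk, and as far as the visible lines show it is the only value that changes; the rest is the `" : "` to `": "` separator change, re-indentation and a reshuffle of `reference_data` with the same twelve entries. A consumer that attributes a record to its CNA by this field sees a different owner after the sync, yet the change is easy to miss among 117 rewritten lines. Landing the formatting pass separately from the data update would leave a diff in which the `ASSIGNER` line stands alone. The hunks for CVE-2010-2888 and CVE-2011-0224 change `ASSIGNER` in the same way (to `psirt@adobe.com` and `product-security@apple.com`), and the CVE-2011-0593 hunk, which runs past the end of this view, appears to as well.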
diff --git a/2010/2xxx/CVE-2010-2608.json b/2010/2xxx/CVE-2010-2608.json index d6bf0e1f5c6..184594f88de 100644 --- a/2010/2xxx/CVE-2010-2608.json +++ b/2010/2xxx/CVE-2010-2608.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2608", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2608", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2888.json b/2010/2xxx/CVE-2010-2888.json index 0cef4e0cdb2..59005fbd195 100644 --- a/2010/2xxx/CVE-2010-2888.json +++ b/2010/2xxx/CVE-2010-2888.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" - }, - { - "name" : "TA10-279A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" - }, - { - "name" : "oval:org.mitre.oval:def:7348", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 
8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:7348", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7348" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html" + }, + { + "name": "TA10-279A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0071.json b/2011/0xxx/CVE-2011-0071.json index 65517510420..4fed5309c2d 100644 --- a/2011/0xxx/CVE-2011-0071.json +++ b/2011/0xxx/CVE-2011-0071.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-16.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=624764", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=624764" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100144158", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100144158" - }, - { - "name" : "DSA-2227", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2227" - }, - { - 
"name" : "DSA-2228", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2228" - }, - { - "name" : "DSA-2235", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2235" - }, - { - "name" : "MDVSA-2011:080", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" - }, - { - "name" : "MDVSA-2011:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" - }, - { - "name" : "oval:org.mitre.oval:def:14058", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2228", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2228" + }, + { + "name": "MDVSA-2011:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=624764", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=624764" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-16.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-16.html" + }, + { + "name": "DSA-2235", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2235" + }, + { + "name": "oval:org.mitre.oval:def:14058", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14058" + }, + { + "name": "MDVSA-2011:080", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" + }, + { + "name": "DSA-2227", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2227" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100144158", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100144158" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0224.json b/2011/0xxx/CVE-2011-0224.json index 14bbde1d63d..a6b17c5af25 100644 --- a/2011/0xxx/CVE-2011-0224.json +++ b/2011/0xxx/CVE-2011-0224.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "50095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50095" - }, - { - "name" : "50085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary 
code or cause a denial of service (memory corruption) via a crafted QuickTime movie file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50095" + }, + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "50085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50085" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0593.json b/2011/0xxx/CVE-2011-0593.json index 0d2a88182ed..ff8930e155a 100644 --- a/2011/0xxx/CVE-2011-0593.json +++ b/2011/0xxx/CVE-2011-0593.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0595, and CVE-2011-0600." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-069/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-069/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html" - }, - { - "name" : "RHSA-2011:0301", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0301.html" - }, - { - "name" : "46211", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/46211" - }, - { - "name" : "oval:org.mitre.oval:def:12258", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12258" - }, - { - "name" : "1025033", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025033" - }, - { - "name" : "43470", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43470" - }, - { - "name" : "ADV-2011-0337", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0337" - }, - { - "name" : "ADV-2011-0492", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0595, and CVE-2011-0600." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12258", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12258" + }, + { + "name": "ADV-2011-0492", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0492" + }, + { + "name": "43470", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43470" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-069/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-069/" + }, + { + "name": "RHSA-2011:0301", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html" + }, + { + "name": "ADV-2011-0337", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0337" + }, + { + "name": "46211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46211" + }, + { + "name": "1025033", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025033" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0644.json b/2011/0xxx/CVE-2011-0644.json index 68b8c31454e..d09153b80e4 100644 --- a/2011/0xxx/CVE-2011-0644.json +++ b/2011/0xxx/CVE-2011-0644.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16019", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16019" - }, - { - "name" : "45933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45933" - }, - { - "name" : "70598", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70598" - }, - { - "name" : "43007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43007" - }, - { - "name" : "phpcms-flashupload-sql-injection(64828)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection 
vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43007" + }, + { + "name": "phpcms-flashupload-sql-injection(64828)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64828" + }, + { + "name": "16019", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16019" + }, + { + "name": "70598", + "refsource": "OSVDB", + "url": "http://osvdb.org/70598" + }, + { + "name": "45933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45933" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0807.json b/2011/0xxx/CVE-2011-0807.json index 10cdfa2bd0d..8a61809d238 100644 --- a/2011/0xxx/CVE-2011-0807.json +++ b/2011/0xxx/CVE-2011-0807.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - }, - { - "name" : "8327", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, 
integrity, and availability via unknown vectors related to Administration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + }, + { + "name": "8327", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8327" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1004.json b/2011/1xxx/CVE-2011-1004.json index 13ae4d7f1dd..d83a5fcd7c8 100644 --- a/2011/1xxx/CVE-2011-1004.json +++ b/2011/1xxx/CVE-2011-1004.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/21/2" - }, - { - "name" : "[oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/21/5" - }, - { - "name" : "http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/", - "refsource" : "CONFIRM", - "url" : 
"http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=678913", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=678913" - }, - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "FEDORA-2011-1876", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html" - }, - { - "name" : "FEDORA-2011-1913", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html" - }, - { - "name" : "MDVSA-2011:097", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097" - }, - { - "name" : "RHSA-2011:0909", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0909.html" - }, - { - "name" : "RHSA-2011:0910", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0910.html" - }, - { - "name" : "46460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46460" - }, - { - "name" : "70958", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70958" - }, - { - "name" : "43434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43434" - }, - { - "name" : "43573", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43573" - }, - { - "name" : "ADV-2011-0539", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:0910", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0910.html" + }, + { + "name": "46460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46460" + }, + { + "name": "[oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/21/5" + }, + { + "name": "ADV-2011-0539", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0539" + }, + { + "name": "RHSA-2011:0909", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0909.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=678913", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678913" + }, + { + "name": "43573", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43573" + }, + { + "name": "[oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/21/2" + }, + { + "name": "70958", + "refsource": "OSVDB", + "url": "http://osvdb.org/70958" + }, + { + "name": "FEDORA-2011-1876", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html" + }, + { + "name": "FEDORA-2011-1913", + "refsource": "FEDORA", + "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html" + }, + { + "name": "43434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43434" + }, + { + "name": "http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/", + "refsource": "CONFIRM", + "url": "http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "MDVSA-2011:097", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1128.json b/2011/1xxx/CVE-2011-1128.json index 56efb986228..c8afba174c5 100644 --- a/2011/1xxx/CVE-2011-1128.json +++ b/2011/1xxx/CVE-2011-1128.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110222 CVE request: simple machines forum before 1.1.13", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/22/17" - }, - { - "name" : "[oss-security] 20110302 Re: CVE request: simple machines forum before 1.1.13", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/03/02/4" - }, - { - "name" : "http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip", - "refsource" : "CONFIRM", - "url" : "http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip" - }, - { - "name" : 
"http://www.simplemachines.org/community/index.php?topic=421547.0", - "refsource" : "CONFIRM", - "url" : "http://www.simplemachines.org/community/index.php?topic=421547.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110222 CVE request: simple machines forum before 1.1.13", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/22/17" + }, + { + "name": "http://www.simplemachines.org/community/index.php?topic=421547.0", + "refsource": "CONFIRM", + "url": "http://www.simplemachines.org/community/index.php?topic=421547.0" + }, + { + "name": "[oss-security] 20110302 Re: CVE request: simple machines forum before 1.1.13", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/03/02/4" + }, + { + "name": "http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip", + "refsource": "CONFIRM", + "url": "http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1381.json b/2011/1xxx/CVE-2011-1381.json index c8013319cf8..284417d5396 100644 --- a/2011/1xxx/CVE-2011-1381.json +++ b/2011/1xxx/CVE-2011-1381.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676990", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676990", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676990" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1834.json b/2011/1xxx/CVE-2011-1834.json index 4facf466fcf..05e82c7f5a2 100644 --- a/2011/1xxx/CVE-2011-1834.json +++ b/2011/1xxx/CVE-2011-1834.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2011-1834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=729465", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=729465" - }, - { - "name" : "https://launchpad.net/ecryptfs/+download", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/ecryptfs/+download" - }, - { - "name" : "SUSE-SU-2011:0898", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html" - }, - { - "name" : "USN-1188-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1188-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2011:0898", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html" + }, + { + "name": "https://launchpad.net/ecryptfs/+download", + "refsource": "CONFIRM", + "url": "https://launchpad.net/ecryptfs/+download" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=729465", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=729465" + }, + { + "name": "USN-1188-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1188-1" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1959.json b/2011/1xxx/CVE-2011-1959.json index ef73bb49a58..490c897bd73 100644 --- a/2011/1xxx/CVE-2011-1959.json +++ b/2011/1xxx/CVE-2011-1959.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110531 CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/31/20" - }, - { - "name" : "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/06/01/1" - }, - { - "name" : "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/06/01/11" - }, - { - "name" : 
"http://anonsvn.wireshark.org/viewvc?view=revision&revision=37068", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=37068" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2011-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-07.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2011-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-08.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5912", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5912" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=710039", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=710039" - }, - { - "name" : "DSA-2274", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2274" - }, - { - "name" : "FEDORA-2011-7821", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061290.html" - }, - { - "name" : "FEDORA-2011-7846", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061437.html" - }, - { - "name" : "FEDORA-2011-7858", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061477.html" - }, - { - "name" : "RHSA-2013:0125", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0125.html" - }, - { - "name" : "48066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48066" - }, - { - "name" : "oval:org.mitre.oval:def:14656", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14656" - }, - { - "name" : "44449", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44449" - }, - { - "name" : "45149", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45149" - }, - { - "name" : "44958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44958" - }, - { - "name" : "48947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48947" - }, - { - "name" : "wireshark-snoop-dos(67792)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wireshark-snoop-dos(67792)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67792" + }, + { + "name": "44958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44958" + }, + { + "name": "FEDORA-2011-7846", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061437.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-07.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-07.html" + }, + { + "name": "RHSA-2013:0125", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0125.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=710039", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=710039" + }, + { + "name": "48947", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/48947" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5912", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5912" + }, + { + "name": "48066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48066" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=37068", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=37068" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-08.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-08.html" + }, + { + "name": "DSA-2274", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2274" + }, + { + "name": "44449", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44449" + }, + { + "name": "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/06/01/11" + }, + { + "name": "[oss-security] 20110601 Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/06/01/1" + }, + { + "name": "FEDORA-2011-7821", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061290.html" + }, + { + "name": "[oss-security] 20110531 CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/31/20" + }, + { + "name": "FEDORA-2011-7858", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061477.html" + }, + { + "name": "45149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45149" + }, + { + "name": "oval:org.mitre.oval:def:14656", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14656" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5297.json b/2011/5xxx/CVE-2011-5297.json index 7030fcbd0e5..5892587533d 100644 --- a/2011/5xxx/CVE-2011-5297.json +++ b/2011/5xxx/CVE-2011-5297.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter to default.php or (2) the username parameter to chat_form.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB22996", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB22996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter to default.php or (2) the username parameter to chat_form.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB22996", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB22996" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3104.json b/2014/3xxx/CVE-2014-3104.json index e9682298384..39c36173c74 100644 --- a/2014/3xxx/CVE-2014-3104.json +++ b/2014/3xxx/CVE-2014-3104.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682942", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682942" - }, - { - "name" : "ibm-clearquest-cve20143104-xee(94311)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory 
consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682942" + }, + { + "name": "ibm-clearquest-cve20143104-xee(94311)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94311" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3194.json b/2014/3xxx/CVE-2014-3194.json index 1205872bee9..b2020de493b 100644 --- a/2014/3xxx/CVE-2014-3194.json +++ b/2014/3xxx/CVE-2014-3194.json 
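Review bot: The one data change in this hunk, `"ASSIGNER": "psirt@us.ibm.com"` replacing `cve@mitre.org` in `CVE_data_meta`, is carried inside a rewrite of every line of the file (re-indentation and `"key" : ` becoming `"key": `), which makes a change of record provenance hard to audit from the diff. The later hunks for CVE-2014-3194, -3280, -3409, -3640, -6000, -6113, -6482 and -6859 change the assigner the same way, and all of them except -6113 also reorder `reference_data`, so confirming that no reference was added or dropped means comparing the entries by hand. The new side also ends with `\ No newline at end of file` where the old side ended in a newline; keeping a final newline after the closing `}` avoids a spurious last-line change on the next sync. Landing the formatting normalization as its own commit (presumably a change in the export tooling) would reduce each of these records to a one-line diff.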
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html" - }, - { - "name" : "https://crbug.com/401115", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/401115" - }, - { - "name" : "RHSA-2014:1626", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1626.html" - }, - { - "name" : "70273", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1626", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html" + }, + { + "name": "70273", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70273" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html" + }, + { + "name": "https://crbug.com/401115", + "refsource": "CONFIRM", + "url": "https://crbug.com/401115" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3280.json b/2014/3xxx/CVE-2014-3280.json index 889a80f82a9..c8d8c41177b 100644 --- a/2014/3xxx/CVE-2014-3280.json +++ b/2014/3xxx/CVE-2014-3280.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34379", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34379" - }, - { - "name" : "20140527 Cisco Unified Communications Domain Manager Admin Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3280" - }, - { - "name" : "67661", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67661" - }, - { - "name" : "1030306", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1030306" - }, - { - "name" : "58400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030306", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030306" + }, + { + "name": "67661", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67661" + }, + { + "name": "20140527 Cisco Unified Communications Domain Manager Admin Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3280" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34379", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34379" + }, + { + "name": "58400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58400" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3409.json b/2014/3xxx/CVE-2014-3409.json index 8e338163d19..732bb85c7d4 100644 --- a/2014/3xxx/CVE-2014-3409.json +++ b/2014/3xxx/CVE-2014-3409.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36184", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36184" - }, - { - "name" : "20141024 Cisco IOS and IOS XE Software Ethernet Connectivity Fault Management Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3409" - }, - { - "name" : "70715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70715" - }, - { - "name" : "1031119", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031119" - }, - { - "name" : "61799", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/61799" - }, - { - "name" : "ciscoios-xe-cve20143409-dos(97758)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61799" + }, + { + "name": "1031119", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031119" + }, + { + "name": "70715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70715" + }, + { + "name": "20141024 Cisco IOS and IOS XE Software Ethernet Connectivity Fault Management Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3409" + }, + { + "name": "ciscoios-xe-cve20143409-dos(97758)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97758" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36184", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36184" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3640.json b/2014/3xxx/CVE-2014-3640.json index d4d5bd66295..80526321fd9 100644 --- a/2014/3xxx/CVE-2014-3640.json +++ b/2014/3xxx/CVE-2014-3640.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Qemu-devel] 20140918 [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html" - }, - { - "name" : "[Qemu-devel] 20140923 Re: [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket", - "refsource" : "MLIST", - "url" : "http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04598.html" - }, - { - "name" : "[Qemu-devel] 20140924 Re: [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket", - "refsource" : "MLIST", - "url" : 
"http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04707.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1144818", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1144818" - }, - { - "name" : "DSA-3045", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3045" - }, - { - "name" : "DSA-3044", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3044" - }, - { - "name" : "RHSA-2015:0349", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0349.html" - }, - { - "name" : "RHSA-2015:0624", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0624.html" - }, - { - "name" : "USN-2409-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2409-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3045", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3045" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1144818", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144818" + }, + { + "name": "RHSA-2015:0624", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html" + }, + { + "name": "RHSA-2015:0349", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html" + }, + { + "name": "DSA-3044", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3044" + }, + { + "name": "[Qemu-devel] 20140923 Re: [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04598.html" + }, + { + "name": "[Qemu-devel] 20140918 [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html" + }, + { + "name": "[Qemu-devel] 20140924 Re: [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket", + "refsource": "MLIST", + "url": "http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04707.html" + }, + { + "name": "USN-2409-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2409-1" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6000.json b/2014/6xxx/CVE-2014-6000.json index e8e4ded785e..65f2e124b89 100644 --- a/2014/6xxx/CVE-2014-6000.json +++ b/2014/6xxx/CVE-2014-6000.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FreshDirect (aka com.freshdirect.android) application 2.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#517641", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/517641" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FreshDirect (aka com.freshdirect.android) 
application 2.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#517641", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/517641" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6113.json b/2014/6xxx/CVE-2014-6113.json index 4565cb716a0..470938aa462 100644 --- a/2014/6xxx/CVE-2014-6113.json +++ b/2014/6xxx/CVE-2014-6113.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692516", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692516" - }, - { - "name" : "ibm-endpointmanager-cve20146113-xss(96210)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692516", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692516" + }, + { + "name": "ibm-endpointmanager-cve20146113-xss(96210)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96210" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6205.json b/2014/6xxx/CVE-2014-6205.json index 9570aa98b8a..ed2703fcb8b 100644 --- a/2014/6xxx/CVE-2014-6205.json +++ b/2014/6xxx/CVE-2014-6205.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6205", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6205", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6482.json b/2014/6xxx/CVE-2014-6482.json index 60bff4e0ce8..880f3d7cf16 100644 --- a/2014/6xxx/CVE-2014-6482.json +++ b/2014/6xxx/CVE-2014-6482.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via unknown vectors related to Updates Change Assistant." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70558", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70558" - }, - { - "name" : "1031044", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031044" - }, - { - "name" : "61701", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via unknown vectors related to Updates Change Assistant." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031044", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031044" + }, + { + "name": "61701", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61701" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "70558", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70558" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6859.json b/2014/6xxx/CVE-2014-6859.json index fffbb319084..8503675b896 100644 --- a/2014/6xxx/CVE-2014-6859.json +++ b/2014/6xxx/CVE-2014-6859.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Daum Maps - Subway (aka net.daum.android.map) application 3.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#139505", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/139505" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Daum Maps - Subway (aka 
net.daum.android.map) application 3.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#139505", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/139505" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7105.json b/2014/7xxx/CVE-2014-7105.json index ed4cf67f796..e57442fec56 100644 --- a/2014/7xxx/CVE-2014-7105.json +++ b/2014/7xxx/CVE-2014-7105.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7105", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7105", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7211.json b/2014/7xxx/CVE-2014-7211.json index 2d9fbe78995..37f15eb244a 100644 --- a/2014/7xxx/CVE-2014-7211.json +++ b/2014/7xxx/CVE-2014-7211.json 
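Review bot: The REJECT records are written with a different key order from the PUBLIC records in the same commit: here `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas the PUBLIC records (CVE-2014-6859, for example) keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but a tool that hashes or text-diffs these files to detect changed records will see a change here even though the parsed content is identical to the old side. One serializer setting with sorted keys for both record states would avoid that; the hunks for CVE-2014-7211, CVE-2014-8233, CVE-2016-2641 and CVE-2016-2690 have the same layout. The new side also ends without a final newline (`\ No newline at end of file`).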
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7211", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7211", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7558.json b/2014/7xxx/CVE-2014-7558.json index 4bf38dcc3a4..515e5a6609f 100644 --- a/2014/7xxx/CVE-2014-7558.json +++ b/2014/7xxx/CVE-2014-7558.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Everest Poker (aka com.wEverestPoker) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#969081", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/969081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Everest Poker (aka com.wEverestPoker) application 
0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "VU#969081", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/969081" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7785.json b/2014/7xxx/CVE-2014-7785.json index aff0f29e75d..0e2d6f753d8 100644 --- a/2014/7xxx/CVE-2014-7785.json +++ b/2014/7xxx/CVE-2014-7785.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AAAA Discount Bail (aka com.onesolutionapps.aaaadiscountbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#699361", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/699361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AAAA Discount Bail 
(aka com.onesolutionapps.aaaadiscountbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#699361", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/699361" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7812.json b/2014/7xxx/CVE-2014-7812.json index c39c46dbe68..5be2f6f3450 100644 --- a/2014/7xxx/CVE-2014-7812.json +++ b/2014/7xxx/CVE-2014-7812.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2015:0033", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0033.html" - }, - { - "name" : "SUSE-SU-2015:0928", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html" - }, - { - "name" : "62183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the 
System Groups field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0033", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0033.html" + }, + { + "name": "62183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62183" + }, + { + "name": "SUSE-SU-2015:0928", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7940.json b/2014/7xxx/CVE-2014-7940.json index 5d88eab9dcc..4de9e6a8d66 100644 --- a/2014/7xxx/CVE-2014-7940.json +++ b/2014/7xxx/CVE-2014-7940.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://chromium.googlesource.com/chromium/deps/icu/+/866ff696e9022a6000afbab516fba62cfa306075", - "refsource" : "CONFIRM", - "url" : "https://chromium.googlesource.com/chromium/deps/icu/+/866ff696e9022a6000afbab516fba62cfa306075" - }, - { - "name" : "https://chromium.googlesource.com/chromium/src.git/+/87feb77547781a22b31c423bc0d57b7dca32d5b8", - "refsource" : 
"CONFIRM", - "url" : "https://chromium.googlesource.com/chromium/src.git/+/87feb77547781a22b31c423bc0d57b7dca32d5b8" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=433866", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=433866" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2015-0047.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2015-0047.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - }, - { - "name" : "GLSA-201503-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-06" - }, - { - "name" : "RHSA-2015:0093", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html" - }, - { - "name" : "openSUSE-SU-2015:0441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" - }, - { - "name" : "USN-2476-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2476-1" - }, - { - "name" : "72288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72288" - }, - { - "name" : "1031623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031623" - }, - { - "name" : "62575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62575" - }, - { - "name" : "62383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62383" - }, - { - "name" : "62665", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/62665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62665" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "https://chromium.googlesource.com/chromium/src.git/+/87feb77547781a22b31c423bc0d57b7dca32d5b8", + "refsource": "CONFIRM", + "url": "https://chromium.googlesource.com/chromium/src.git/+/87feb77547781a22b31c423bc0d57b7dca32d5b8" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "62575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62575" + }, + { + "name": "USN-2476-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2476-1" + }, + { + "name": "72288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72288" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "GLSA-201503-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-06" + }, + { + "name": "1031623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031623" + }, + { + "name": "https://chromium.googlesource.com/chromium/deps/icu/+/866ff696e9022a6000afbab516fba62cfa306075", + "refsource": "CONFIRM", + "url": "https://chromium.googlesource.com/chromium/deps/icu/+/866ff696e9022a6000afbab516fba62cfa306075" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=433866", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=433866" + }, + { + "name": "openSUSE-SU-2015:0441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2015-0047.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2015-0047.html" + }, + { + "name": "RHSA-2015:0093", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html" + }, + { + "name": "62383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62383" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8233.json b/2014/8xxx/CVE-2014-8233.json index e0d1f81e3ab..0c1c41f0f77 100644 --- a/2014/8xxx/CVE-2014-8233.json +++ b/2014/8xxx/CVE-2014-8233.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8233", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8233", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2349.json b/2016/2xxx/CVE-2016-2349.json index bab36786df7..e8c57da7097 100644 --- a/2016/2xxx/CVE-2016-2349.json +++ b/2016/2xxx/CVE-2016-2349.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000l6kbCAA&type=Solution", - "refsource" : "CONFIRM", - "url" : "https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000l6kbCAA&type=Solution" - }, - { - "name" : "95075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95075" - }, - { - "name" : "1037529", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95075" + }, + { + "name": "1037529", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037529" + }, + { + "name": "https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000l6kbCAA&type=Solution", + "refsource": "CONFIRM", + "url": "https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000l6kbCAA&type=Solution" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2478.json b/2016/2xxx/CVE-2016-2478.json index 56a4c2925c7..b6e63bef947 100644 --- a/2016/2xxx/CVE-2016-2478.json +++ b/2016/2xxx/CVE-2016-2478.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27475409." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27475409." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0" + }, + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2508.json b/2016/2xxx/CVE-2016-2508.json index d1360593e2d..21de5de3521 100644 --- a/2016/2xxx/CVE-2016-2508.json +++ b/2016/2xxx/CVE-2016-2508.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28799341." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-07-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-07-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/d112f7d0c1dbaf0368365885becb11ca8d3f13a4", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/d112f7d0c1dbaf0368365885becb11ca8d3f13a4" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/f81038006b4c59a5a148dcad887371206033c28f", - "refsource" : 
"CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/f81038006b4c59a5a148dcad887371206033c28f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28799341." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-07-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-07-01.html" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/d112f7d0c1dbaf0368365885becb11ca8d3f13a4", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/d112f7d0c1dbaf0368365885becb11ca8d3f13a4" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/f81038006b4c59a5a148dcad887371206033c28f", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/f81038006b4c59a5a148dcad887371206033c28f" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2641.json b/2016/2xxx/CVE-2016-2641.json index 5d9d2326682..a4f88cec35e 100644 --- a/2016/2xxx/CVE-2016-2641.json +++ b/2016/2xxx/CVE-2016-2641.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2641", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2641", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2690.json b/2016/2xxx/CVE-2016-2690.json index 2bcae4ae7e9..e4930afd04a 100644 --- a/2016/2xxx/CVE-2016-2690.json +++ b/2016/2xxx/CVE-2016-2690.json 
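Review bot: The rewritten REJECT record for CVE-2016-2641 puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and `ID` ahead of `ASSIGNER`, while the PUBLIC and RESERVED records in this same commit keep `CVE_data_meta` first with its keys in alphabetical order. Key order carries no meaning in JSON, but two orderings in one feed add diff noise and break any byte-level comparison or hashing of records, so the serializer should emit a single order, for example `"CVE_data_meta": {` first as in CVE-2017-18279. The hunks for CVE-2016-2690 and CVE-2017-5338 show the same ordering. The new side of every file in this chunk also ends with `\ No newline at end of file` where the old side ended with a newline; keeping the final newline avoids that marker on each future change.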
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2690", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2690", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18279.json b/2017/18xxx/CVE-2017-18279.json index 1d066cba588..41a2692a112 100644 --- a/2017/18xxx/CVE-2017-18279.json +++ b/2017/18xxx/CVE-2017-18279.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18279", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18279", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1011.json b/2017/1xxx/CVE-2017-1011.json index 1e3e98e500d..87e04cc3b19 100644 --- a/2017/1xxx/CVE-2017-1011.json +++ b/2017/1xxx/CVE-2017-1011.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1011", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1011", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1218.json b/2017/1xxx/CVE-2017-1218.json index 74b58f79e62..70c8749644d 100644 --- a/2017/1xxx/CVE-2017-1218.json +++ b/2017/1xxx/CVE-2017-1218.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-14T00:00:00", - "ID" : "CVE-2017-1218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigFix family", - "version" : { - "version_data" : [ - { - "version_value" : "9.2" - }, - { - "version_value" : "9.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-14T00:00:00", + "ID": "CVE-2017-1218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigFix family", + "version": { + "version_data": [ + { + "version_value": "9.2" + }, + { + "version_value": "9.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123858", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123858" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22005246", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22005246" - }, - { - "name" : "99916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99916" - }, - { - "name" : "101571", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/101571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99916" + }, + { + "name": "101571", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101571" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22005246", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22005246" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123858", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123858" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5130.json b/2017/5xxx/CVE-2017-5130.json index 79ba10dd302..c04996448ff 100644 --- a/2017/5xxx/CVE-2017-5130.json +++ b/2017/5xxx/CVE-2017-5130.json 
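Review bot: `problemtype` for CVE-2017-1218 keeps the value `Gain Access`, which names an impact, while the description on the new side says the issue is cross-site request forgery. Consumers that group or prioritise records by weakness class get nothing usable from this field; `"value": "CWE-352"` (or the plain text `Cross-Site Request Forgery`) would agree with the description. The only visible change to `references` is the order of the four entries.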
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 62.0.3202.62", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 62.0.3202.62" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 62.0.3202.62", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 62.0.3202.62" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171123 [SECURITY] [DLA 1188-1] libxml2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html" - }, - { - "name" : "http://bugzilla.gnome.org/show_bug.cgi?id=783026", - "refsource" : "MISC", - "url" : "http://bugzilla.gnome.org/show_bug.cgi?id=783026" - }, - { - "name" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : 
"https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/722079", - "refsource" : "MISC", - "url" : "https://crbug.com/722079" - }, - { - "name" : "https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed", - "refsource" : "MISC", - "url" : "https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed" - }, - { - "name" : "GLSA-201710-24", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-24" - }, - { - "name" : "RHSA-2017:2997", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2997" - }, - { - "name" : "101482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101482" + }, + { + "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1188-1] libxml2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html" + }, + { + "name": "http://bugzilla.gnome.org/show_bug.cgi?id=783026", + "refsource": "MISC", + "url": "http://bugzilla.gnome.org/show_bug.cgi?id=783026" + }, + { + "name": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html" + }, + { + "name": "https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed", + "refsource": "MISC", + "url": "https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed" + }, + { + "name": "RHSA-2017:2997", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2997" + }, + { + "name": "https://crbug.com/722079", + "refsource": "MISC", + "url": "https://crbug.com/722079" + }, + { + "name": "GLSA-201710-24", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-24" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5338.json b/2017/5xxx/CVE-2017-5338.json index 8d626576d2f..45e9744cfe2 100644 --- a/2017/5xxx/CVE-2017-5338.json +++ b/2017/5xxx/CVE-2017-5338.json 
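Review bot: The `affects` entry for CVE-2017-5130 repeats the free-text string `Google Chrome prior to 62.0.3202.62` as both `product_name` and `version_value` with `"vendor_name": "n/a"`, and it does not list libxml2 at all, although the description gives libxml2 before 2.9.5 as the vulnerable component. Version matching on this record therefore has to parse prose, and a scanner keyed on `affects` would not flag a standalone libxml2 install. The structured form already used for CVE-2017-5428 in this commit would fit: `"product_name": "Google Chrome"` with `"version_affected": "<"` and `"version_value": "62.0.3202.62"`, plus a second product entry for libxml2 below 2.9.5.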
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5338", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-5338", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5358.json b/2017/5xxx/CVE-2017-5358.json index e8a33f9053b..7d4546ea859 100644 --- a/2017/5xxx/CVE-2017-5358.json +++ b/2017/5xxx/CVE-2017-5358.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41425", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41425/" - }, - { - "name" : "20170222 EasyCom PHP API Stack Buffer Overflow", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Feb/60" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/EASYCOM-PHP-API-BUFFER-OVERFLOW.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/EASYCOM-PHP-API-BUFFER-OVERFLOW.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/141299/EasyCom-AS400-PHP-API-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/141299/EasyCom-AS400-PHP-API-Buffer-Overflow.html" - }, - { - "name" : "96419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (3) i5_private_connect API function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96419" + }, + { + "name": "http://hyp3rlinx.altervista.org/advisories/EASYCOM-PHP-API-BUFFER-OVERFLOW.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/EASYCOM-PHP-API-BUFFER-OVERFLOW.txt" + }, + { + "name": "20170222 EasyCom PHP API Stack Buffer Overflow", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Feb/60" + }, + { + "name": "http://packetstormsecurity.com/files/141299/EasyCom-AS400-PHP-API-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/141299/EasyCom-AS400-PHP-API-Buffer-Overflow.html" + }, + { + "name": "41425", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41425/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5428.json b/2017/5xxx/CVE-2017-5428.json index 64a72b08a17..06d81042ed7 100644 --- a/2017/5xxx/CVE-2017-5428.json +++ b/2017/5xxx/CVE-2017-5428.json 
@@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.0.1" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow in \"createImageBitmap()\" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the \"createImageBitmap\" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "integer overflow in createImageBitmap()" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.0.1" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1348168", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1348168" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-08/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-08/" - }, - { - "name" : "RHSA-2017:0558", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0558.html" - }, - { - "name" : "96959", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96959" - }, - { - "name" : "1038060", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow in \"createImageBitmap()\" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the \"createImageBitmap\" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "integer overflow in createImageBitmap()" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038060", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038060" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1348168", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1348168" + }, + { + "name": "96959", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96959" + }, + { + "name": "RHSA-2017:0558", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0558.html" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-08/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-08/" + } + ] + } +} \ No newline at end of file