diff --git a/2001/0xxx/CVE-2001-0288.json b/2001/0xxx/CVE-2001-0288.json index 3ede3fda898..da46039fe0d 100644 --- a/2001/0xxx/CVE-2001-0288.json +++ b/2001/0xxx/CVE-2001-0288.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010228 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010228 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1386.json b/2001/1xxx/CVE-2001-1386.json index af7683ef02e..df75dc56711 100644 --- a/2001/1xxx/CVE-2001-1386.json +++ b/2001/1xxx/CVE-2001-1386.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a \".lnk.\" extension, which bypasses WFTPD's check for a \".lnk\" extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010701 WFTPD v3.00 R5 Directory Traversal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/194442" - }, - { - "name" : "ftp-lnk-directory-traversal(6760)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6760" - }, - { - "name" : "2957", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a \".lnk.\" extension, which bypasses WFTPD's check for a \".lnk\" extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ftp-lnk-directory-traversal(6760)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6760" + }, + { + "name": "2957", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2957" + }, + { + "name": "20010701 WFTPD v3.00 R5 Directory Traversal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/194442" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2132.json b/2006/2xxx/CVE-2006-2132.json index 2726ec0f2cc..aec8db48197 100644 --- a/2006/2xxx/CVE-2006-2132.json +++ b/2006/2xxx/CVE-2006-2132.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in detail.asp in DUclassified allows remote attackers to execute arbitrary SQL commands via the iPro parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/duclassified-detail.asp-sql-inj.txt", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/duclassified-detail.asp-sql-inj.txt" - }, - { - "name" : "17722", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in detail.asp in DUclassified allows remote attackers to execute arbitrary SQL commands via the iPro parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17722", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17722" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/duclassified-detail.asp-sql-inj.txt", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/duclassified-detail.asp-sql-inj.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2414.json b/2006/2xxx/CVE-2006-2414.json index 392373af4c4..2e6db0ada47 100644 --- a/2006/2xxx/CVE-2006-2414.json +++ b/2006/2xxx/CVE-2006-2414.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via \"..\" sequences in the (1) LIST or (2) DELETE IMAP command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060512 Dovecot IMAP: Mailbox names list disclosure with mboxes", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433878/100/0/threaded" - }, - { - "name" : "http://www.dovecot.org/list/dovecot-news/2006-May/000006.html", - "refsource" : "MISC", - "url" : "http://www.dovecot.org/list/dovecot-news/2006-May/000006.html" - }, - { - "name" : "http://dovecot.org/list/dovecot-cvs/2006-May/005563.html", - "refsource" : "CONFIRM", - "url" : "http://dovecot.org/list/dovecot-cvs/2006-May/005563.html" - }, - { - "name" : "DSA-1080", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1080" - }, - { - "name" : "17961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17961" - }, - { - "name" : "ADV-2006-2013", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2013" - }, - { - "name" : "20308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20308" - }, - { - "name" : "20315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20315" - }, - { - "name" : "913", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/913" - }, - { - "name" : "dovecot-imap-list-information-disclosure(26536)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via \"..\" sequences in the (1) LIST or (2) DELETE IMAP command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1080", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1080" + }, + { + "name": "http://www.dovecot.org/list/dovecot-news/2006-May/000006.html", + "refsource": "MISC", + "url": "http://www.dovecot.org/list/dovecot-news/2006-May/000006.html" + }, + { + "name": "ADV-2006-2013", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2013" + }, + { + "name": "20315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20315" + }, + { + "name": "17961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17961" + }, + { + "name": "913", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/913" + }, + { + "name": "20308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20308" + }, + { + "name": "http://dovecot.org/list/dovecot-cvs/2006-May/005563.html", + "refsource": "CONFIRM", + "url": "http://dovecot.org/list/dovecot-cvs/2006-May/005563.html" + }, + { + "name": "20060512 Dovecot IMAP: Mailbox names list disclosure with mboxes", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433878/100/0/threaded" + }, + { + "name": "dovecot-imap-list-information-disclosure(26536)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26536" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2513.json b/2006/2xxx/CVE-2006-2513.json index d0a6a1d9265..c007f34951d 100644 --- a/2006/2xxx/CVE-2006-2513.json +++ b/2006/2xxx/CVE-2006-2513.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "102345", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102345-1" - }, - { - "name" : "18018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18018" - }, - { - "name" : "ADV-2006-1832", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1832" - }, - { - "name" : "1016112", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016112" - }, - { - "name" : "20144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20144" - }, - { - "name" : "sun-java-unauth-access(26477)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016112", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016112" + }, + { + "name": "ADV-2006-1832", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1832" + }, + { + "name": "sun-java-unauth-access(26477)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26477" + }, + { + "name": "18018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18018" + }, + { + "name": "102345", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102345-1" + }, + { + "name": "20144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20144" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2784.json b/2006/2xxx/CVE-2006-2784.json index 5d1721c3869..05dd8afc340 100644 --- a/2006/2xxx/CVE-2006-2784.json +++ b/2006/2xxx/CVE-2006-2784.json @@ -1,267 +1,267 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the \"Manual Install\" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060602 rPSA-2006-0091-1 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435795/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-36.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-36.html" - }, - { - "name" : "DSA-1118", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1118" - }, - { - "name" : "DSA-1120", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1120" - }, - { - "name" : "DSA-1134", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1134" - }, - { - "name" : "GLSA-200606-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "MDKSA-2006:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" - }, - { - "name" : "MDKSA-2006:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" - }, - { - "name" : "RHSA-2006:0578", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0578.html" - }, - { - "name" : "RHSA-2006:0610", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html" - }, - { - "name" : "RHSA-2006:0611", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html" - }, - { - "name" : "RHSA-2006:0609", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html" - }, - { - "name" : "RHSA-2006:0594", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html" - }, - { - "name" : "SUSE-SA:2006:035", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" - }, - { - "name" : "USN-296-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/296-1/" - }, - { - "name" : "USN-296-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/296-2/" - }, - { - "name" : "USN-297-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/297-3/" - }, - { - "name" : "USN-323-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/323-1/" - }, - { - "name" : "18228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18228" - }, - { - "name" : "oval:org.mitre.oval:def:9768", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9768" - }, - { - "name" : "ADV-2006-2106", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2106" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016202", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016202" - }, - { - "name" : "20376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20376" - }, - { - "name" : "20561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20561" - }, - { - "name" : "21134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21134" - }, - { - "name" : "21183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21183" - }, - { - "name" : "21176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21176" - }, - { - "name" : "21178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21178" - }, - { - "name" : "21188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21188" - }, - { - "name" : "21210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21210" - }, - { - "name" : "21269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21269" - }, - { - "name" : "21270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21270" - }, - { - "name" : "21336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21336" - }, - { - "name" : "21324", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21324" - }, - { - "name" : "21532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21532" - }, - { - "name" : "21631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21631" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-pluginspage-code-execution(26847)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the \"Manual Install\" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21176" + }, + { + "name": "MDKSA-2006:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "USN-297-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/297-3/" + }, + { + "name": "USN-296-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/296-1/" + }, + { + "name": "oval:org.mitre.oval:def:9768", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9768" + }, + { + "name": "USN-323-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/323-1/" + }, + { + "name": "20561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20561" + }, + { + "name": "21210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21210" + }, + { + "name": "RHSA-2006:0594", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html" + }, + { + "name": "21336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21336" + }, + { + "name": "20060602 rPSA-2006-0091-1 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded" + }, + { + "name": "RHSA-2006:0610", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html" + }, + { + "name": "20376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20376" + }, + { + "name": "RHSA-2006:0609", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html" + }, + { + "name": "21178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21178" + }, + { + "name": "1016202", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016202" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-36.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-36.html" + }, + { + "name": "18228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18228" + }, + { + "name": "21532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21532" + }, + { + "name": "21270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21270" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "21188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21188" + }, + { + "name": "21134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21134" + }, + { + "name": "21631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21631" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "mozilla-pluginspage-code-execution(26847)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26847" + }, + { + "name": "USN-296-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/296-2/" + }, + { + "name": "DSA-1118", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1118" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "DSA-1120", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1120" + }, + { + "name": "RHSA-2006:0611", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html" + }, + { + "name": "DSA-1134", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1134" + }, + { + "name": "GLSA-200606-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml" + }, + { + "name": "21324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21324" + }, + { + "name": "21183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21183" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "21269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21269" + }, + { + "name": "SUSE-SA:2006:035", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" + }, + { + "name": "RHSA-2006:0578", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0578.html" + }, + { + "name": "ADV-2006-2106", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2106" + }, + { + "name": "MDKSA-2006:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2924.json b/2006/2xxx/CVE-2006-2924.json index da3a6bad51b..be75be60b8d 100644 --- a/2006/2xxx/CVE-2006-2924.json +++ b/2006/2xxx/CVE-2006-2924.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ingate.com/relnote-441.php", - "refsource" : "CONFIRM", - "url" : "http://www.ingate.com/relnote-441.php" - }, - { - "name" : "18318", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18318" - }, - { - "name" : "ADV-2006-2183", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2183" - }, - { - "name" : "1016244", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016244" - }, - { - "name" : "1016245", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016245" - }, - { - "name" : "20479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20479" - }, - { - "name" : "ingate-ssltls-dos(26977)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ingate-ssltls-dos(26977)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26977" + }, + { + "name": "1016245", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016245" + }, + { + "name": "1016244", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016244" + }, + { + "name": "http://www.ingate.com/relnote-441.php", + "refsource": "CONFIRM", + "url": "http://www.ingate.com/relnote-441.php" + }, + { + "name": "18318", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18318" + }, + { + "name": "ADV-2006-2183", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2183" + }, + { + "name": "20479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20479" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3546.json b/2006/3xxx/CVE-2006-3546.json index 1d89fb2c70b..535ae55dc6d 100644 --- a/2006/3xxx/CVE-2006-3546.json +++ b/2006/3xxx/CVE-2006-3546.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote attackers to cause a denial of service (daemon crash) via a long HTTP POST request. NOTE: this might be the same issue as CVE-2004-2463." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060703 imgsvr dos exploit by n00b", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438971/100/0/threaded" - }, - { - "name" : "18784", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18784" - }, - { - "name" : "1232", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1232" - }, - { - "name" : "imgsvr-http-post-dos(27613)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27613" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote attackers to cause a denial of service (daemon crash) via a long HTTP POST request. NOTE: this might be the same issue as CVE-2004-2463." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "imgsvr-http-post-dos(27613)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27613" + }, + { + "name": "1232", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1232" + }, + { + "name": "20060703 imgsvr dos exploit by n00b", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438971/100/0/threaded" + }, + { + "name": "18784", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18784" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6001.json b/2006/6xxx/CVE-2006-6001.json index 6a9f4a66b1c..1aec09aeb34 100644 --- a/2006/6xxx/CVE-2006-6001.json +++ b/2006/6xxx/CVE-2006-6001.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6001", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-6001", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6246.json b/2006/6xxx/CVE-2006-6246.json index e09e2db1cb3..d8004e23432 100644 --- a/2006/6xxx/CVE-2006-6246.json +++ b/2006/6xxx/CVE-2006-6246.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and possibly other operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.shaftnet.org/task/113", - "refsource" : "MISC", - "url" : "http://bugs.shaftnet.org/task/113" - }, - { - "name" : "http://po.shaftnet.org/po_stable_changelog", - "refsource" : "CONFIRM", - "url" : "http://po.shaftnet.org/po_stable_changelog" - }, - { - "name" : "21351", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21351" - }, - { - "name" : "ADV-2006-4766", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4766" - }, - { - "name" : "23176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23176" - }, - { - "name" : "photoorganizer-auth-security-bypass(30577)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and possibly other operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.shaftnet.org/task/113", + "refsource": "MISC", + "url": "http://bugs.shaftnet.org/task/113" + }, + { + "name": "ADV-2006-4766", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4766" + }, + { + "name": "http://po.shaftnet.org/po_stable_changelog", + "refsource": "CONFIRM", + "url": "http://po.shaftnet.org/po_stable_changelog" + }, + { + "name": "23176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23176" + }, + { + "name": "photoorganizer-auth-security-bypass(30577)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30577" + }, + { + "name": "21351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21351" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6831.json b/2006/6xxx/CVE-2006-6831.json index c5e6dcbdc9f..205898ceb35 100644 --- a/2006/6xxx/CVE-2006-6831.json +++ b/2006/6xxx/CVE-2006-6831.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3031", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3031" - }, - { - "name" : "afaq-faqdsp-sql-injection(31130)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3031", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3031" + }, + { + "name": "afaq-faqdsp-sql-injection(31130)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31130" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7043.json b/2006/7xxx/CVE-2006-7043.json index da56f0ebd12..c301ea65833 100644 --- a/2006/7xxx/CVE-2006-7043.json +++ b/2006/7xxx/CVE-2006-7043.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and (3) a javascript URI in a URL argument in the photo gallery." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060506 ChipmunkBlogger improper input sanitizing", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0104.html" - }, - { - "name" : "17862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17862" - }, - { - "name" : "2306", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2306" - }, - { - "name" : "chipmunkblogger-multiple-xss(26296)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and (3) a javascript URI in a URL argument in the photo gallery." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17862" + }, + { + "name": "chipmunkblogger-multiple-xss(26296)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26296" + }, + { + "name": "2306", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2306" + }, + { + "name": "20060506 ChipmunkBlogger improper input sanitizing", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0104.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7246.json b/2006/7xxx/CVE-2006-7246.json index 6f947c89e37..5b3b899f6d9 100644 --- a/2006/7xxx/CVE-2006-7246.json +++ b/2006/7xxx/CVE-2006-7246.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7246", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7246", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0418.json b/2011/0xxx/CVE-2011-0418.json index 59558a52729..a7f8ed8a397 100644 --- a/2011/0xxx/CVE-2011-0418.json +++ b/2011/0xxx/CVE-2011-0418.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-0418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/97" - }, - { - "name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28" - }, - { - "name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h" - }, - { - "name" : "http://www.pureftpd.org/project/pure-ftpd/news", - "refsource" : "CONFIRM", - "url" : "http://www.pureftpd.org/project/pure-ftpd/news" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=704283", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=704283" - }, - { - "name" : "MDVSA-2011:094", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:094" - }, - { - "name" : "47671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47671" - }, - { - "name" : "8228", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8228" - }, - { - "name" : "ADV-2011-1273", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28", + "refsource": "CONFIRM", + "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28" + }, + { + "name": "ADV-2011-1273", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1273" + }, + { + "name": "MDVSA-2011:094", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:094" + }, + { + "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h", + "refsource": "CONFIRM", + "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=704283", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=704283" + }, + { + "name": "47671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47671" + }, + { + "name": "20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/97" + }, + { + "name": "8228", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8228" + }, + { + "name": "http://www.pureftpd.org/project/pure-ftpd/news", + "refsource": "CONFIRM", + "url": "http://www.pureftpd.org/project/pure-ftpd/news" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0512.json b/2011/0xxx/CVE-2011-0512.json index a7cc1e47882..e3f4ca470b6 100644 --- a/2011/0xxx/CVE-2011-0512.json +++ b/2011/0xxx/CVE-2011-0512.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16004", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16004" - }, - { - "name" : "45826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45826" - }, - { - "name" : "70451", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70451" - }, - { - "name" : "42943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42943" - }, - { - "name" : "phpfusion-team-structure-sql-injection(64727)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45826" + }, + { + "name": "70451", + "refsource": "OSVDB", + "url": "http://osvdb.org/70451" + }, + { + "name": "phpfusion-team-structure-sql-injection(64727)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64727" + }, + { + "name": "42943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42943" + }, + { + "name": "16004", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16004" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0602.json b/2011/0xxx/CVE-2011-0602.json index 4d973caa495..c484d769459 100644 --- a/2011/0xxx/CVE-2011-0602.json +++ b/2011/0xxx/CVE-2011-0602.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via crafted JP2K record types in a JPEG2000 image in a PDF file, which causes heap corruption, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0599." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110208 Adobe Reader and Acrobat JP2K Invalid Indexing Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=891" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html" - }, - { - "name" : "RHSA-2011:0301", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0301.html" - }, - { - "name" : "46221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46221" - }, - { - "name" : "oval:org.mitre.oval:def:12562", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12562" - }, - { - "name" : "1025033", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025033" - }, - { - "name" : "43470", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43470" - }, - { - "name" : "ADV-2011-0337", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0337" - }, - { - "name" : "ADV-2011-0492", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via crafted JP2K record types in a JPEG2000 image in a PDF file, which causes heap corruption, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0599." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0492", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0492" + }, + { + "name": "46221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46221" + }, + { + "name": "43470", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43470" + }, + { + "name": "oval:org.mitre.oval:def:12562", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12562" + }, + { + "name": "RHSA-2011:0301", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html" + }, + { + "name": "ADV-2011-0337", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0337" + }, + { + "name": "1025033", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025033" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" + }, + { + "name": "20110208 Adobe Reader and Acrobat JP2K Invalid Indexing Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=891" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0738.json b/2011/0xxx/CVE-2011-0738.json index 7421254ce5f..26000a991fe 100644 --- a/2011/0xxx/CVE-2011-0738.json +++ b/2011/0xxx/CVE-2011-0738.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[security-announce] 20110118 Globus Security Advisory 2011-01: myproxy-logon identity checking of server", - "refsource" : "MLIST", - "url" : "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html" - }, - { - "name" : "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt", - "refsource" : "MISC", - "url" : "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt" - }, - { - "name" : "FEDORA-2011-0512", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html" - }, - { - "name" : "FEDORA-2011-0514", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html" - }, - { - "name" : "45916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45916" - }, - { - "name" : "70494", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70494" - }, - { - "name" : "42972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42972" - }, - { - "name" : "43103", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43103" - }, - { - "name" : "ADV-2011-0227", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0227" - }, - { - "name" : "myproxy-ssl-spoofing(64830)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-0514", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html" + }, + { + "name": "ADV-2011-0227", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0227" + }, + { + "name": "[security-announce] 20110118 Globus Security Advisory 2011-01: myproxy-logon identity checking of server", + "refsource": "MLIST", + "url": "http://lists.globus.org/pipermail/security-announce/2011-January/000018.html" + }, + { + "name": "43103", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43103" + }, + { + "name": "myproxy-ssl-spoofing(64830)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64830" + }, + { + "name": "FEDORA-2011-0512", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html" + }, + { + "name": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt", + "refsource": "MISC", + "url": "http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt" + }, + { + "name": "45916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45916" + }, + { + "name": "70494", + "refsource": "OSVDB", + "url": "http://osvdb.org/70494" + }, + { + "name": "42972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42972" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2560.json b/2011/2xxx/CVE-2011-2560.json index 8cba15b9166..7916acf0822 100644 --- a/2011/2xxx/CVE-2011-2560.json +++ b/2011/2xxx/CVE-2011-2560.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-2560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2826.json b/2011/2xxx/CVE-2011-2826.json index 17f4709d8af..432087b1136 100644 --- a/2011/2xxx/CVE-2011-2826.json +++ b/2011/2xxx/CVE-2011-2826.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vectors related to empty origins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=89453", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=89453" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html" - }, - { - "name" : "oval:org.mitre.oval:def:14383", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14383" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vectors related to empty origins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14383", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14383" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=89453", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=89453" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2900.json b/2011/2xxx/CVE-2011-2900.json index 18a0c4c0fa4..242c0c5eba5 100644 --- a/2011/2xxx/CVE-2011-2900.json +++ b/2011/2xxx/CVE-2011-2900.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110803 CVE id request: shttpd/mongoose/yassl embedded webserver", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/03/5" - }, - { - "name" : "[oss-security] 20110803 Re: CVE id request: shttpd/mongoose/yassl embedded webserver", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/03/9" - }, - { - "name" : "https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0" - }, - { - "name" : "FEDORA-2011-11636", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065273.html" - }, - { - "name" : "FEDORA-2011-11823", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065505.html" - }, - { - "name" : "FEDORA-2011-11825", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065537.html" - }, - { - "name" : "48980", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48980" - }, - { - "name" : "45464", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45464" - }, - { - "name" : "45902", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45902" - }, - { - "name" : "8337", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8337" - }, - { - "name" : "mongoose-put-bo(68991)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-11823", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065505.html" + }, + { + "name": "48980", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48980" + }, + { + "name": "https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0" + }, + { + "name": "45464", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45464" + }, + { + "name": "45902", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45902" + }, + { + "name": "FEDORA-2011-11825", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065537.html" + }, + { + "name": "mongoose-put-bo(68991)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68991" + }, + { + "name": "[oss-security] 20110803 CVE id request: shttpd/mongoose/yassl embedded webserver", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/03/5" + }, + { + "name": "8337", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8337" + }, + { + "name": "FEDORA-2011-11636", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065273.html" + }, + { + "name": "[oss-security] 20110803 Re: CVE id request: shttpd/mongoose/yassl embedded webserver", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/03/9" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3287.json b/2011/3xxx/CVE-2011-3287.json index 743a757ba6b..1815a5c7a63 100644 --- a/2011/3xxx/CVE-2011-3287.json +++ b/2011/3xxx/CVE-2011-3287.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-3287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110928 Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug ID CSCtq78106, a similar issue to CVE-2003-1564." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110928 Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3421.json b/2011/3xxx/CVE-2011-3421.json index 14b6de3ecd0..dd1f9337a40 100644 --- a/2011/3xxx/CVE-2011-3421.json +++ b/2011/3xxx/CVE-2011-3421.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2011/09/beta-channel-update-for-chromebooks.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/09/beta-channel-update-for-chromebooks.html" - }, - { - "name" : "75378", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75378" - }, - { - "name" : "oval:org.mitre.oval:def:13853", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:13853", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13853" + }, + { + "name": "75378", + "refsource": "OSVDB", + "url": "http://osvdb.org/75378" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/09/beta-channel-update-for-chromebooks.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/09/beta-channel-update-for-chromebooks.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3486.json b/2011/3xxx/CVE-2011-3486.json index d4247d8bc92..0c179cb2c70 100644 --- a/2011/3xxx/CVE-2011-3486.json +++ b/2011/3xxx/CVE-2011-3486.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/twincat_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/twincat_1-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf" - }, - { - "name" : "75495", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75495" - }, - { - "name" : "8380", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8380" - }, - { - "name" : "twincat-datagram-dos(69765)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "twincat-datagram-dos(69765)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69765" + }, + { + "name": "8380", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8380" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf" + }, + { + "name": "75495", + "refsource": "OSVDB", + "url": "http://osvdb.org/75495" + }, + { + "name": "http://aluigi.altervista.org/adv/twincat_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/twincat_1-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3906.json b/2011/3xxx/CVE-2011-3906.json index 974c4e44439..b110a38b5b3 100644 --- a/2011/3xxx/CVE-2011-3906.json +++ b/2011/3xxx/CVE-2011-3906.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=98809", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=98809" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14548", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14548", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14548" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=98809", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=98809" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3937.json b/2011/3xxx/CVE-2011-3937.json index d01cd5c29d0..ad3fcf7e5ee 100644 --- a/2011/3xxx/CVE-2011-3937.json +++ b/2011/3xxx/CVE-2011-3937.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to \"width/height changing with frame threads.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "http://git.libav.org/?p=libav.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba", - "refsource" : "CONFIRM", - "url" : "http://git.libav.org/?p=libav.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba" - }, - { - "name" : "http://libav.org/news.html", - "refsource" : "CONFIRM", - "url" : "http://libav.org/news.html" - }, - { - "name" : "MDVSA-2013:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to \"width/height changing with frame threads.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba" + }, + { + "name": "MDVSA-2013:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "http://git.libav.org/?p=libav.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba", + "refsource": "CONFIRM", + "url": "http://git.libav.org/?p=libav.git;a=commit;h=71db86d53b5c6872cea31bf714a1a38ec78feaba" + }, + { + "name": "http://libav.org/news.html", + "refsource": "CONFIRM", + "url": "http://libav.org/news.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4118.json b/2011/4xxx/CVE-2011-4118.json index 21a4bb04773..53582609d49 100644 --- a/2011/4xxx/CVE-2011-4118.json +++ b/2011/4xxx/CVE-2011-4118.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111104 CVE request: Mahara", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/11/04/7" - }, - { - "name" : "[oss-security] 20111104 Re: CVE request: Mahara", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/11/04/10" - }, - { - "name" : "http://mahara.org/interaction/forum/topic.php?id=4138", - "refsource" : "CONFIRM", - "url" : "http://mahara.org/interaction/forum/topic.php?id=4138" - }, - { - "name" : "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz" - }, - { - "name" : "https://bugs.launchpad.net/mahara/+bug/884223", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/mahara/+bug/884223" - }, - { - "name" : "https://launchpad.net/mahara/+milestone/1.4.1", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/mahara/+milestone/1.4.1" - }, - { - "name" : "DSA-2334", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2334" - }, - { - "name" : "46719", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46719" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz", + "refsource": "CONFIRM", + "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz" + }, + { + "name": "https://launchpad.net/mahara/+milestone/1.4.1", + "refsource": "CONFIRM", + "url": "https://launchpad.net/mahara/+milestone/1.4.1" + }, + { + "name": "http://mahara.org/interaction/forum/topic.php?id=4138", + "refsource": "CONFIRM", + "url": "http://mahara.org/interaction/forum/topic.php?id=4138" + }, + { + "name": "[oss-security] 20111104 Re: CVE request: Mahara", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/11/04/10" + }, + { + "name": "DSA-2334", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2334" + }, + { + "name": "[oss-security] 20111104 CVE request: Mahara", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/11/04/7" + }, + { + "name": "46719", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46719" + }, + { + "name": "https://bugs.launchpad.net/mahara/+bug/884223", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/mahara/+bug/884223" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4480.json b/2011/4xxx/CVE-2011-4480.json index 130d3d1b212..a76cf415ffd 100644 --- a/2011/4xxx/CVE-2011-4480.json +++ b/2011/4xxx/CVE-2011-4480.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4480", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4480", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1412.json b/2013/1xxx/CVE-2013-1412.json index 3a327d0cc29..c45a617e85b 100644 --- a/2013/1xxx/CVE-2013-1412.json +++ b/2013/1xxx/CVE-2013-1412.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130128 [KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-01/0117.html" - }, - { - "name" : "24438", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24438" - }, - { - "name" : "24444", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24444" - }, - { - "name" : "http://karmainsecurity.com/KIS-2013-01", - "refsource" : "MISC", - "url" : "http://karmainsecurity.com/KIS-2013-01" - }, - { - "name" : "http://dleviet.com/dle/bug-fix/3281-security-patches-for-dle-97.html", - "refsource" : "CONFIRM", - "url" : "http://dleviet.com/dle/bug-fix/3281-security-patches-for-dle-97.html" - }, - { - "name" : "57603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57603" - }, - { - "name" : "89662", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89662" - }, - { - "name" : "51971", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57603" + }, + { + "name": "24444", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24444" + }, + { + "name": "http://dleviet.com/dle/bug-fix/3281-security-patches-for-dle-97.html", + "refsource": "CONFIRM", + "url": "http://dleviet.com/dle/bug-fix/3281-security-patches-for-dle-97.html" + }, + { + "name": "89662", + "refsource": "OSVDB", + "url": "http://osvdb.org/89662" + }, + { + "name": "24438", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24438" + }, + { + "name": "20130128 [KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0117.html" + }, + { + "name": "http://karmainsecurity.com/KIS-2013-01", + "refsource": "MISC", + "url": "http://karmainsecurity.com/KIS-2013-01" + }, + { + "name": "51971", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51971" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1601.json b/2013/1xxx/CVE-2013-1601.json index 7045065453b..665ab859732 100644 --- a/2013/1xxx/CVE-2013-1601.json +++ b/2013/1xxx/CVE-2013-1601.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1601", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1601", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1661.json b/2013/1xxx/CVE-2013-1661.json index 89923fca6e5..428514594f6 100644 --- a/2013/1xxx/CVE-2013-1661.json +++ b/2013/1xxx/CVE-2013-1661.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2013-0011.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2013-0011.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2013-0011.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2013-0011.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1714.json b/2013/1xxx/CVE-2013-1714.json index 30cedc2f993..d73e223bfc2 100644 --- a/2013/1xxx/CVE-2013-1714.json +++ b/2013/1xxx/CVE-2013-1714.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-73.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-73.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=879787", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=879787" - }, - { - "name" : "DSA-2746", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2746" - }, - { - "name" : "DSA-2735", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2735" - }, - { - "name" : "61882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61882" - }, - { - "name" : "oval:org.mitre.oval:def:18002", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2746", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2746" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=879787", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=879787" + }, + { + "name": "61882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61882" + }, + { + "name": "DSA-2735", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2735" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-73.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-73.html" + }, + { + "name": "oval:org.mitre.oval:def:18002", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18002" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1844.json b/2013/1xxx/CVE-2013-1844.json index 3c4fbecc3c2..f76fb452312 100644 --- a/2013/1xxx/CVE-2013-1844.json +++ b/2013/1xxx/CVE-2013-1844.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130311 Re: CVE request: XSS in piwik 1.11", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/12/4" - }, - { - "name" : "http://piwik.org/blog/2013/03/piwik-1-11/", - "refsource" : "CONFIRM", - "url" : "http://piwik.org/blog/2013/03/piwik-1-11/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20130311 Re: CVE request: XSS in piwik 1.11", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/12/4" + }, + { + "name": "http://piwik.org/blog/2013/03/piwik-1-11/", + "refsource": "CONFIRM", + "url": "http://piwik.org/blog/2013/03/piwik-1-11/" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5104.json b/2013/5xxx/CVE-2013-5104.json index fc4f24a29f5..d27f461bab9 100644 --- a/2013/5xxx/CVE-2013-5104.json +++ b/2013/5xxx/CVE-2013-5104.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5104", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5104", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5155.json b/2013/5xxx/CVE-2013-5155.json index de3d212f868..ba06e60621e 100644 --- a/2013/5xxx/CVE-2013-5155.json +++ b/2013/5xxx/CVE-2013-5155.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-5155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5934", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5934" - }, - { - "name" : "APPLE-SA-2013-09-18-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" - }, - { - "name" : "1029054", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029054", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029054" + }, + { + "name": "http://support.apple.com/kb/HT5934", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5934" + }, + { + "name": "APPLE-SA-2013-09-18-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5593.json b/2013/5xxx/CVE-2013-5593.json index fb8d1451bce..3e1b7eb7a14 100644 --- a/2013/5xxx/CVE-2013-5593.json +++ b/2013/5xxx/CVE-2013-5593.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-5593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-94.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-94.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=868327", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=868327" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2013:1634", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html" - }, - { - "name" : "openSUSE-SU-2013:1633", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:19263", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:1633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "oval:org.mitre.oval:def:19263", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19263" + }, + { + "name": "openSUSE-SU-2013:1634", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=868327", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=868327" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-94.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-94.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2889.json b/2014/2xxx/CVE-2014-2889.json index bf80069d6c0..cfff13c4de9 100644 --- a/2014/2xxx/CVE-2014-2889.json +++ b/2014/2xxx/CVE-2014-2889.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-2889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140418 Re: CVE request Linux kernel: arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/04/18/6" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a03ffcf873fe0f2565386ca8ef832144c42e67fa", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a03ffcf873fe0f2565386ca8ef832144c42e67fa" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8" - }, - { - "name" : "https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a03ffcf873fe0f2565386ca8ef832144c42e67fa", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a03ffcf873fe0f2565386ca8ef832144c42e67fa" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8" + }, + { + "name": "https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa" + }, + { + "name": "[oss-security] 20140418 Re: CVE request Linux kernel: arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/04/18/6" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2894.json b/2014/2xxx/CVE-2014-2894.json index b34723d8888..bee9b368ccb 100644 --- a/2014/2xxx/CVE-2014-2894.json +++ b/2014/2xxx/CVE-2014-2894.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-2894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Qemu-devel] 20140412 [PATCH for 2.0] ide: Correct improper smart self test c", - "refsource" : "MLIST", - "url" : "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html" - }, - { - "name" : "[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c", - "refsource" : "MLIST", - "url" : "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html" - }, - { - "name" : "[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c", - "refsource" : "MLIST", - "url" : "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html" - }, - { - "name" : "[oss-security] 20140415 CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/04/15/4" - }, - { - "name" : "[oss-security] 20140418 Re: CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/04/18/5" - }, - { - "name" : "RHSA-2014:0743", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0743.html" - }, - { - "name" : "RHSA-2014:0744", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0744.html" - }, - { - "name" : "RHSA-2014:0704", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0704.html" - }, - { - "name" : "USN-2182-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2182-1" - }, - { - "name" : "66932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66932" - }, - { - "name" : "57945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57945" - }, - { - "name" : "58191", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0743", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html" + }, + { + "name": "[Qemu-devel] 20140412 [PATCH for 2.0] ide: Correct improper smart self test c", + "refsource": "MLIST", + "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html" + }, + { + "name": "RHSA-2014:0744", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html" + }, + { + "name": "[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c", + "refsource": "MLIST", + "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html" + }, + { + "name": "USN-2182-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2182-1" + }, + { + "name": "[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c", + "refsource": "MLIST", + "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html" + }, + { + "name": "57945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57945" + }, + { + "name": "[oss-security] 20140418 Re: CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/04/18/5" + }, + { + "name": "RHSA-2014:0704", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0704.html" + }, + { + "name": "[oss-security] 20140415 CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/04/15/4" + }, + { + "name": "66932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66932" + }, + { + "name": "58191", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58191" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2970.json b/2014/2xxx/CVE-2014-2970.json index d92ffd019ac..e223823d84a 100644 --- a/2014/2xxx/CVE-2014-2970.json +++ b/2014/2xxx/CVE-2014-2970.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2970", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality for certain process-bifurcation use cases that might arise in future LibreSSL-based applications. There is no CVE ID associated with this LibreSSL code change. As of 20140730, CVE-2014-5139 is an undisclosed vulnerability in a different product, with ongoing vulnerability coordination that had previously used the CVE-2014-2970 ID." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-2970", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality for certain process-bifurcation use cases that might arise in future LibreSSL-based applications. There is no CVE ID associated with this LibreSSL code change. As of 20140730, CVE-2014-5139 is an undisclosed vulnerability in a different product, with ongoing vulnerability coordination that had previously used the CVE-2014-2970 ID." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6056.json b/2014/6xxx/CVE-2014-6056.json index e283112bdec..7eded0a956f 100644 --- a/2014/6xxx/CVE-2014-6056.json +++ b/2014/6xxx/CVE-2014-6056.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6056", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6056", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6314.json b/2014/6xxx/CVE-2014-6314.json index 5de68973738..8a92831d114 100644 --- a/2014/6xxx/CVE-2014-6314.json +++ b/2014/6xxx/CVE-2014-6314.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6314", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6314", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6899.json b/2014/6xxx/CVE-2014-6899.json index 1b54fe0ab4a..aa876d41a34 100644 --- a/2014/6xxx/CVE-2014-6899.json +++ b/2014/6xxx/CVE-2014-6899.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Jazeera Airways (aka com.winit.jazeeraairways) application 2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#905193", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/905193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Jazeera Airways (aka com.winit.jazeeraairways) application 2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#905193", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/905193" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0159.json b/2017/0xxx/CVE-2017-0159.json index ed4893ef5bb..23c1bfd3cf0 100644 --- a/2017/0xxx/CVE-2017-0159.json +++ b/2017/0xxx/CVE-2017-0159.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 1607, Windows Server 2012 R2, and Windows 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka \"ADFS Security Feature Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "Windows 10 1607, Windows Server 2012 R2, and Windows 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0159", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0159" - }, - { - "name" : "97449", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97449" - }, - { - "name" : "1038243", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka \"ADFS Security Feature Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97449", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97449" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0159", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0159" + }, + { + "name": "1038243", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038243" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0777.json b/2017/0xxx/CVE-2017-0777.json index 2a91568972b..8044b95647c 100644 --- a/2017/0xxx/CVE-2017-0777.json +++ b/2017/0xxx/CVE-2017-0777.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100649" + }, + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000363.json b/2017/1000xxx/CVE-2017-1000363.json index a79f13600aa..285d4de64ff 100644 --- a/2017/1000xxx/CVE-2017-1000363.json +++ b/2017/1000xxx/CVE-2017-1000363.json @@ -1,79 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1000363", - "REQUESTER" : "roee.hay@hcl.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux Kernel", - "version" : { - "version_data" : [ - { - "version_value" : "4.11.1" - }, - { - "version_value" : "3.18.53" - }, - { - "version_value" : "2.6.39" - } - ] - } - } - ] - }, - "vendor_name" : "Linux Kernel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-276" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1000363", + "REQUESTER": "roee.hay@hcl.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://alephsecurity.com/vulns/aleph-2017023", - "refsource" : "MISC", - "url" : "https://alephsecurity.com/vulns/aleph-2017023" - }, - { - "name" : "DSA-3945", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3945" - }, - { - "name" : "98651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98651" + }, + { + "name": "https://alephsecurity.com/vulns/aleph-2017023", + "refsource": "MISC", + "url": "https://alephsecurity.com/vulns/aleph-2017023" + }, + { + "name": "DSA-3945", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3945" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000393.json b/2017/1000xxx/CVE-2017-1000393.json index 8c354c56e38..c1bbe57aa7f 100644 --- a/2017/1000xxx/CVE-2017-1000393.json +++ b/2017/1000xxx/CVE-2017-1000393.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-11-17", - "ID" : "CVE-2017-1000393", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "2.73.1 and earlier, 2.83 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission typically only granted to administrators." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-11-17", + "ID": "CVE-2017-1000393", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-10-11/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-10-11/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission typically only granted to administrators." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-10-11/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-10-11/" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18259.json b/2017/18xxx/CVE-2017-18259.json index 575be00746c..36720ea9d2f 100644 --- a/2017/18xxx/CVE-2017-18259.json +++ b/2017/18xxx/CVE-2017-18259.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008", - "refsource" : "MISC", - "url" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008", + "refsource": "MISC", + "url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18305.json b/2017/18xxx/CVE-2017-18305.json index a4c57b868c1..ede239d9744 100644 --- a/2017/18xxx/CVE-2017-18305.json +++ b/2017/18xxx/CVE-2017-18305.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control in Core" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" - }, - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "1041432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control in Core" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "1041432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041432" + }, + { + "name": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1063.json b/2017/1xxx/CVE-2017-1063.json index 2a3a68c49d9..e7d8432bf88 100644 --- a/2017/1xxx/CVE-2017-1063.json +++ b/2017/1xxx/CVE-2017-1063.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1063", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1063", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1131.json b/2017/1xxx/CVE-2017-1131.json index 286a9935d57..de9c2b5dd0f 100644 --- a/2017/1xxx/CVE-2017-1131.json +++ b/2017/1xxx/CVE-2017-1131.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "5.2" - }, - { - "version_value" : "5.2.1" - }, - { - "version_value" : "5.2.2" - }, - { - "version_value" : "5.2.3" - }, - { - "version_value" : "5.2.4" - }, - { - "version_value" : "5.2.5" - }, - { - "version_value" : "5.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "5.2" + }, + { + "version_value": "5.2.1" + }, + { + "version_value": "5.2.2" + }, + { + "version_value": "5.2.3" + }, + { + "version_value": "5.2.4" + }, + { + "version_value": "5.2.5" + }, + { + "version_value": "5.2.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121375", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121375" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22004270", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22004270" - }, - { - "name" : "99227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99227" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22004270", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22004270" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121375", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121375" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1136.json b/2017/1xxx/CVE-2017-1136.json index 23176f31cdd..4a9103b2495 100644 --- a/2017/1xxx/CVE-2017-1136.json +++ b/2017/1xxx/CVE-2017-1136.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1136", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1136", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1142.json b/2017/1xxx/CVE-2017-1142.json index 666087befcd..6ab56ee14cf 100644 --- a/2017/1xxx/CVE-2017-1142.json +++ b/2017/1xxx/CVE-2017-1142.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kenexa LCMS Premier on Cloud", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "9.1" - }, - { - "version_value" : "9.2" - }, - { - "version_value" : "9.2.1" - }, - { - "version_value" : "9.3.0" - }, - { - "version_value" : "9.4.0" - }, - { - "version_value" : "9.5.0" - }, - { - "version_value" : "10.0.0" - }, - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.2.0" - }, - { - "version_value" : "10.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kenexa LCMS Premier on Cloud", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "9.1" + }, + { + "version_value": "9.2" + }, + { + "version_value": "9.2.1" + }, + { + "version_value": "9.3.0" + }, + { + "version_value": "9.4.0" + }, + { + "version_value": "9.5.0" + }, + { + "version_value": "10.0.0" + }, + { + "version_value": "10.1.0" + }, + { + "version_value": "10.2.0" + }, + { + "version_value": "10.3.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21998874", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21998874" - }, - { - "name" : "97081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21998874", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21998874" + }, + { + "name": "97081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97081" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1745.json b/2017/1xxx/CVE-2017-1745.json index 7db00d90dd1..f3665966ef3 100644 --- a/2017/1xxx/CVE-2017-1745.json +++ b/2017/1xxx/CVE-2017-1745.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1745", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1745", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1850.json b/2017/1xxx/CVE-2017-1850.json index e2f3bb1185b..4be93753d3c 100644 --- a/2017/1xxx/CVE-2017-1850.json +++ b/2017/1xxx/CVE-2017-1850.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1850", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1850", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4308.json b/2017/4xxx/CVE-2017-4308.json index 293c4803245..c1a84fc3445 100644 --- a/2017/4xxx/CVE-2017-4308.json +++ b/2017/4xxx/CVE-2017-4308.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4308", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4308", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4404.json b/2017/4xxx/CVE-2017-4404.json index 5f292f58b93..59d0c862231 100644 --- a/2017/4xxx/CVE-2017-4404.json +++ b/2017/4xxx/CVE-2017-4404.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4404", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4404", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4746.json b/2017/4xxx/CVE-2017-4746.json index a2d9bffb97a..6cb3399a66f 100644 --- a/2017/4xxx/CVE-2017-4746.json +++ b/2017/4xxx/CVE-2017-4746.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4746", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4746", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4841.json b/2017/4xxx/CVE-2017-4841.json index 180f71c2170..033015e8eda 100644 --- a/2017/4xxx/CVE-2017-4841.json +++ b/2017/4xxx/CVE-2017-4841.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4841", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4841", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file