diff --git a/2006/2xxx/CVE-2006-2055.json b/2006/2xxx/CVE-2006-2055.json index b4da91c2290..73a9c67d1fc 100644 --- a/2006/2xxx/CVE-2006-2055.json +++ b/2006/2xxx/CVE-2006-2055.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060424 Multiple browsers Windows mailto protocol Office 2003 file attachment exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432009/100/0/threaded" - }, - { - "name" : "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html", - "refsource" : "MISC", - "url" : "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html" - }, - { - "name" : "ADV-2006-1538", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/1538" - }, - { - "name" : "25003", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25003" - }, - { - "name" : "19819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19819" - }, - { - "name" : "office-mailto-obtain-information(26118)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1538", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1538" + }, + { + "name": "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html", + "refsource": "MISC", + "url": "http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html" + }, + { + "name": "20060424 Multiple browsers Windows mailto protocol Office 2003 file attachment exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432009/100/0/threaded" + }, + { + "name": "office-mailto-obtain-information(26118)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26118" + }, + { + "name": "19819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19819" + }, + { + "name": 
"25003", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25003" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2515.json b/2006/2xxx/CVE-2006-2515.json index f912a98e7b5..9c402f6cb7f 100644 --- a/2006/2xxx/CVE-2006-2515.json +++ b/2006/2xxx/CVE-2006-2515.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060520 Hiox Guestbook 3.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434686/100/0/threaded" - }, - { - "name" : "ADV-2006-1929", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1929" - }, - { - "name" : "25712", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25712" - }, - { - "name" : "20252", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20252" - }, - { - "name" : "938", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/938" - }, - { - "name" : "hioxguestbook-added-xss(26620)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26620" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060520 Hiox Guestbook 3.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434686/100/0/threaded" + }, + { + "name": "hioxguestbook-added-xss(26620)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26620" + }, + { + "name": "ADV-2006-1929", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1929" + }, + { + "name": "25712", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25712" + }, + { + "name": "938", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/938" + }, + { + "name": "20252", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20252" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2563.json b/2006/2xxx/CVE-2006-2563.json index ab16333e14a..37069fbe7c7 100644 --- a/2006/2xxx/CVE-2006-2563.json +++ b/2006/2xxx/CVE-2006-2563.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060526 cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/39" - }, - { - "name" : "MDKSA-2006:122", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122" - }, - { - "name" : "SUSE-SR:2006:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_22_sr.html" - }, - { - "name" : "SUSE-SA:2006:052", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_52_php.html" - }, - { - "name" : "18116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18116" - }, - { - "name" : "ADV-2006-2055", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/2055" - }, - { - "name" : "1016175", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016175" - }, - { - "name" : "20337", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20337" - }, - { - "name" : "21050", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21050" - }, - { - "name" : "21847", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21847" - }, - { - "name" : "22039", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22039" - }, - { - "name" : "959", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/959" - }, - { - "name" : "php-curl-safemode-bypass(26764)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21847" + }, + { + "name": "20337", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20337" + }, + { + "name": "18116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18116" + }, + { + "name": "22039", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22039" + }, + { + "name": "21050", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21050" + }, + { + "name": "959", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/959" + }, + { + "name": "20060526 cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/39" + }, + { + "name": "MDKSA-2006:122", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:122" + }, + { + "name": "php-curl-safemode-bypass(26764)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26764" + }, + { + "name": "SUSE-SR:2006:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_22_sr.html" + }, + { + "name": "1016175", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016175" + }, + { + "name": "ADV-2006-2055", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2055" + }, + { + "name": "SUSE-SA:2006:052", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_52_php.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2663.json b/2006/2xxx/CVE-2006-2663.json index c54e57830ae..2ce84512258 100644 --- a/2006/2xxx/CVE-2006-2663.json +++ b/2006/2xxx/CVE-2006-2663.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 allow remote attackers to inject arbitrary web script or HTML via certain inputs to (1) acc_verify.php or (2) project.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060524 iFlance v1.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435036/100/0/threaded" - }, - { - "name" : "ADV-2006-1988", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1988" - }, - { - "name" : "26043", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26043" - }, - { - "name" : "26044", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26044" - }, - { - "name" : "20282", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20282" - }, - { - "name" : "984", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/984" - }, - { - "name" : "iflance-multiple-scripts-xss(26696)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/26696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 allow remote attackers to inject arbitrary web script or HTML via certain inputs to (1) acc_verify.php or (2) project.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "984", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/984" + }, + { + "name": "iflance-multiple-scripts-xss(26696)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26696" + }, + { + "name": "26044", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26044" + }, + { + "name": "ADV-2006-1988", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1988" + }, + { + "name": "20060524 iFlance v1.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435036/100/0/threaded" + }, + { + "name": "20282", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20282" + }, + { + "name": "26043", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26043" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3531.json b/2006/3xxx/CVE-2006-3531.json index 1a2af52916e..9b7c0f60744 100644 --- a/2006/3xxx/CVE-2006-3531.json +++ b/2006/3xxx/CVE-2006-3531.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060707 Pivot <=1.30rc2 privilege escalation / remote commands execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439495/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/pivot_130RC2_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/pivot_130RC2_xpl.html" - }, - { - "name" : "18881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18881" - }, - { - "name" : "ADV-2006-2744", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2744" - }, - { - "name" 
: "27126", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27126" - }, - { - "name" : "20962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20962" - }, - { - "name" : "1214", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1214" - }, - { - "name" : "pivot-insertimage-file-upload(27671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060707 Pivot <=1.30rc2 privilege escalation / remote commands execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439495/100/0/threaded" + }, + { + "name": "http://retrogod.altervista.org/pivot_130RC2_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/pivot_130RC2_xpl.html" + }, + { + "name": "ADV-2006-2744", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2744" + }, + { + "name": "pivot-insertimage-file-upload(27671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27671" + }, + { + "name": "20962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20962" + }, + { + "name": "18881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18881" + }, + { + "name": "1214", + 
"refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1214" + }, + { + "name": "27126", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27126" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3657.json b/2006/3xxx/CVE-2006-3657.json index f95542043b4..ebb8ea12a21 100644 --- a/2006/3xxx/CVE-2006-3657.json +++ b/2006/3xxx/CVE-2006-3657.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html", - "refsource" : "MISC", - "url" : "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html" - }, - { - "name" : "19029", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19029" - }, - { - "name" : "ADV-2006-2832", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2832" - }, - { - "name" : "27109", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27109" - }, - { - "name" : "ie-dximagetransform-dos(27762)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27762" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27109", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27109" + }, + { + "name": "ie-dximagetransform-dos(27762)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27762" + }, + { + "name": "19029", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19029" + }, + { + "name": "ADV-2006-2832", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2832" + }, + { + "name": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html", + "refsource": "MISC", + "url": "http://browserfun.blogspot.com/2006/07/mobb-17-dximagetransformmicrosoftgradi.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3947.json b/2006/3xxx/CVE-2006-3947.json index bd41191c776..53e178451a8 100644 --- a/2006/3xxx/CVE-2006-3947.json +++ b/2006/3xxx/CVE-2006-3947.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060729 mambatstaff Mambo Component <= Remote Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441538/100/0/threaded" - }, - { - "name" : "2086", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2086" - }, - { - "name" : "19222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19222" - }, - { - "name" : "ADV-2006-3055", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3055" - }, - { - "name" : "27653", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27653" - }, - { - "name" : "21292", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/21292" - }, - { - "name" : "1313", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1313" - }, - { - "name" : "mambatstaff-mambatstaff-file-include(28074)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21292" + }, + { + "name": "27653", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27653" + }, + { + "name": "1313", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1313" + }, + { + "name": "ADV-2006-3055", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3055" + }, + { + "name": "2086", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2086" + }, + { + "name": "19222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19222" + }, + { + "name": "mambatstaff-mambatstaff-file-include(28074)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28074" + }, + { + "name": "20060729 mambatstaff Mambo Component <= Remote Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441538/100/0/threaded" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/6xxx/CVE-2006-6336.json b/2006/6xxx/CVE-2006-6336.json index f1c4b6e60a2..b153d17623f 100644 --- a/2006/6xxx/CVE-2006-6336.json +++ b/2006/6xxx/CVE-2006-6336.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) in Eudora WorldMail 3.1.x allows remote attackers to execute arbitrary code via a crafted request containing successive delimiters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070105 ZDI-07-001: QUALCOMM Eudora WorldMail Remote Management Heap Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456077/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-001.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-001.html" - }, - { - "name" : "21897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21897" - }, - { - "name" : "ADV-2007-0066", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0066" - }, - { - "name" : "32587", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32587" - }, - { - "name" : "1017474", - 
"refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017474" - }, - { - "name" : "23622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23622" - }, - { - "name" : "eudora-mail-management-bo(31325)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) in Eudora WorldMail 3.1.x allows remote attackers to execute arbitrary code via a crafted request containing successive delimiters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-001.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-001.html" + }, + { + "name": "20070105 ZDI-07-001: QUALCOMM Eudora WorldMail Remote Management Heap Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456077/100/0/threaded" + }, + { + "name": "21897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21897" + }, + { + "name": "eudora-mail-management-bo(31325)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31325" + }, + { + "name": "32587", + "refsource": "OSVDB", + "url": "http://osvdb.org/32587" + }, + { + "name": "ADV-2007-0066", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0066" + }, + { + "name": "23622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23622" + }, + { + "name": "1017474", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017474" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/6xxx/CVE-2006-6412.json b/2006/6xxx/CVE-2006-6412.json index 10c71d95d19..4e19d79705f 100644 --- a/2006/6xxx/CVE-2006-6412.json +++ b/2006/6xxx/CVE-2006-6412.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6412", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6412", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6682.json b/2006/6xxx/CVE-2006-6682.json index c5a63652c89..30fd62295f7 100644 --- a/2006/6xxx/CVE-2006-6682.json +++ b/2006/6xxx/CVE-2006-6682.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061113 Chetcpasswd 2.x: multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116371297325564&w=2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454" - }, - { - "name" : "21102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21102" - }, - { - "name" : "30545", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30545" - }, - { - "name" : "22967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22967" - }, - { - "name" : "chetcpasswd-error-message-enumeration(30454)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30545", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30545" + }, + { + "name": "chetcpasswd-error-message-enumeration(30454)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30454" + }, + { + "name": "22967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22967" + }, + { + "name": "21102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21102" + }, + { + "name": "20061113 Chetcpasswd 2.x: multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116371297325564&w=2" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6775.json b/2006/6xxx/CVE-2006-6775.json index 4ed8c75faa9..2635bf70229 100644 --- a/2006/6xxx/CVE-2006-6775.json +++ b/2006/6xxx/CVE-2006-6775.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2985", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2985" - }, - { - "name" : "21767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21767" - }, - { - "name" : "ADV-2006-5149", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5149" - }, - { - "name" : "23481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2985", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2985" + }, + { + "name": "ADV-2006-5149", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5149" + }, + { + "name": "21767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21767" + }, + { + "name": "23481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23481" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7191.json b/2006/7xxx/CVE-2006-7191.json index 1188514b3f0..7af0915f93a 100644 --- a/2006/7xxx/CVE-2006-7191.json +++ b/2006/7xxx/CVE-2006-7191.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl", - "refsource" : "CONFIRM", - "url" : "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl" - }, - { - "name" : "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl?r1=1.32&r2=1.33", - "refsource" : "CONFIRM", - "url" : "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl?r1=1.32&r2=1.33" - }, - { - "name" : "http://lam.sourceforge.net/changelog/index.htm", - "refsource" : "CONFIRM", - "url" : "http://lam.sourceforge.net/changelog/index.htm" - }, - { - "name" : "DSA-1287", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2007/dsa-1287" - }, - { - "name" : "23857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23857" 
- }, - { - "name" : "25157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl?r1=1.32&r2=1.33", + "refsource": "CONFIRM", + "url": "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl?r1=1.32&r2=1.33" + }, + { + "name": "DSA-1287", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2007/dsa-1287" + }, + { + "name": "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl", + "refsource": "CONFIRM", + "url": "http://lam.cvs.sourceforge.net/lam/lam/lib/lamdaemon.pl" + }, + { + "name": "23857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23857" + }, + { + "name": "25157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25157" + }, + { + "name": "http://lam.sourceforge.net/changelog/index.htm", + "refsource": "CONFIRM", + "url": "http://lam.sourceforge.net/changelog/index.htm" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7208.json b/2006/7xxx/CVE-2006-7208.json index 9b0bb4ffcce..9a453cae245 100644 --- a/2006/7xxx/CVE-2006-7208.json +++ b/2006/7xxx/CVE-2006-7208.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in download.php in the Adam van Dongen Forum (com_forum) component (aka phpBB component) 1.2.4RC3 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070622 All Of the Mambo & Joomla Script Remote File Inclussion Bugs..", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/472005/100/0/threaded" - }, - { - "name" : "1995", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1995" - }, - { - "name" : "45364", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45364" - }, - { - "name" : "2836", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote 
file inclusion vulnerability in download.php in the Adam van Dongen Forum (com_forum) component (aka phpBB component) 1.2.4RC3 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45364", + "refsource": "OSVDB", + "url": "http://osvdb.org/45364" + }, + { + "name": "2836", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2836" + }, + { + "name": "20070622 All Of the Mambo & Joomla Script Remote File Inclussion Bugs..", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/472005/100/0/threaded" + }, + { + "name": "1995", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1995" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0465.json b/2011/0xxx/CVE-2011-0465.json index aa451e40d20..07dd5f679cd 100644 --- a/2011/0xxx/CVE-2011-0465.json +++ b/2011/0xxx/CVE-2011-0465.json 
@@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[xorg-announce] 20110405 X.Org security advisory: root hole via rogue hostname", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html" - }, - { - "name" : "[xorg-announce] 20110405 xrdb 1.0.9", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html" - }, - { - "name" : "http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=680196", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=680196" - }, - { - "name" : "DSA-2213", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2213" - }, - { - "name" : "FEDORA-2011-4871", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html" - }, - { - "name" : "MDVSA-2011:076", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:076" - }, - { - "name" : "RHSA-2011:0432", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0432.html" - }, - { - "name" : "RHSA-2011:0433", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0433.html" - }, - { - "name" : "SSA:2011-096-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748" - }, - { - "name" : "SUSE-SA:2011:016", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html" - }, - { - "name" : "openSUSE-SU-2011:0298", - "refsource" : "SUSE", - "url" : "https://lwn.net/Articles/437150/" - }, - { - "name" : "USN-1107-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1107-1" - }, - { - "name" : "47189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47189" - }, - { - "name" : "1025317", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025317" - }, - { - "name" : "44040", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44040" - }, - { - "name" : "44010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44010" - }, - { - "name" : "44012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44012" - }, - { - "name" : "44082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44082" - }, - { - "name" : "44122", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/44122" - }, - { - "name" : "44123", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44123" - }, - { - "name" : "44193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44193" - }, - { - "name" : "ADV-2011-0880", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0880" - }, - { - "name" : "ADV-2011-0889", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0889" - }, - { - "name" : "ADV-2011-0906", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0906" - }, - { - "name" : "ADV-2011-0929", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0929" - }, - { - "name" : "ADV-2011-0966", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0966" - }, - { - "name" : "ADV-2011-0975", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0975" - }, - { - "name" : "xorg11-xrdb-command-execution(66585)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[xorg-announce] 20110405 X.Org security advisory: root hole via rogue hostname", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html" + }, + { + "name": "RHSA-2011:0433", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0433.html" + }, + { + "name": "ADV-2011-0966", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0966" + }, + { + "name": "44040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44040" + }, + { + "name": "DSA-2213", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2213" + }, + { + "name": "44082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44082" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=680196", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680196" + }, + { + "name": "1025317", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025317" + }, + { + "name": "47189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47189" + }, + { + "name": "FEDORA-2011-4871", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html" + }, + { + "name": "44123", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44123" + }, + { + "name": "ADV-2011-0880", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0880" + }, + { + "name": "ADV-2011-0906", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0906" + }, + { + "name": "44012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44012" + }, + { + "name": 
"http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56" + }, + { + "name": "44010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44010" + }, + { + "name": "xorg11-xrdb-command-execution(66585)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66585" + }, + { + "name": "USN-1107-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1107-1" + }, + { + "name": "SSA:2011-096-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748" + }, + { + "name": "ADV-2011-0889", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0889" + }, + { + "name": "ADV-2011-0929", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0929" + }, + { + "name": "44122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44122" + }, + { + "name": "[xorg-announce] 20110405 xrdb 1.0.9", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html" + }, + { + "name": "MDVSA-2011:076", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:076" + }, + { + "name": "RHSA-2011:0432", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0432.html" + }, + { + "name": "ADV-2011-0975", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0975" + }, + { + "name": "44193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44193" + }, + { + "name": "SUSE-SA:2011:016", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html" + }, + { + "name": "openSUSE-SU-2011:0298", + "refsource": "SUSE", + "url": 
"https://lwn.net/Articles/437150/" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0510.json b/2011/0xxx/CVE-2011-0510.json index 40c62b269ee..b4f37f28d1e 100644 --- a/2011/0xxx/CVE-2011-0510.json +++ b/2011/0xxx/CVE-2011-0510.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16003", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16003" - }, - { - "name" : "42944", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42944" - }, - { - "name" : "awbs-cart-sql-injection(64726)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an 
add_other action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "awbs-cart-sql-injection(64726)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64726" + }, + { + "name": "16003", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16003" + }, + { + "name": "42944", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42944" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0895.json b/2011/0xxx/CVE-2011-0895.json index 3b8eed4e5bb..42d297ae59a 100644 --- a/2011/0xxx/CVE-2011-0895.json +++ b/2011/0xxx/CVE-2011-0895.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x and 8.1x allows remote authenticated users to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-0895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02652", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130201751130787&w=2" - }, - { - "name" : "SSRT100432", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130201751130787&w=2" - }, - { - "name" : "47162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47162" - }, - { - "name" : "1025288", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025288" - }, - { - "name" : "44032", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44032" - }, - { - "name" : "8186", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8186" - }, - { - "name" : "ADV-2011-0871", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2011/0871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x and 8.1x allows remote authenticated users to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44032", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44032" + }, + { + "name": "47162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47162" + }, + { + "name": "8186", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8186" + }, + { + "name": "HPSBMA02652", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130201751130787&w=2" + }, + { + "name": "SSRT100432", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130201751130787&w=2" + }, + { + "name": "1025288", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025288" + }, + { + "name": "ADV-2011-0871", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0871" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0989.json b/2011/0xxx/CVE-2011-0989.json index dbe5e78fb4f..9fa4fc6ff01 100644 --- a/2011/0xxx/CVE-2011-0989.json +++ b/2011/0xxx/CVE-2011-0989.json 
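Review bot: The ASSIGNER change to `"ASSIGNER": "hp-security-alert@hp.com"` in `CVE_data_meta` of CVE-2011-0895.json is hard to audit because it sits inside a whole-file rewrite. Every other line of the hunk differs only in the `" : "` to `": "` key separator or in the order of the `reference_data` entries, which hold the same seven references on both sides. Tooling that attributes a record to its CNA presumably reads ASSIGNER, so I would land that one-line change separately from the reformat and keep `reference_data` in its previous order (HPSBMA02652 and SSRT100432 first). The new side also ends with `\ No newline at end of file`; closing the file with a newline after the final `}` avoids a spurious last-line change in later diffs. The same mix of an ASSIGNER change (to `secalert@redhat.com`) and formatting churn appears in the CVE-2011-1093.json hunk, which runs past the end of this view.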
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0989", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update", - "refsource" : "MLIST", - "url" : "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html" - }, - { - "name" : "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/06/14" - }, - { - "name" : "http://www.mono-project.com/Vulnerabilities", - "refsource" : "CONFIRM", - "url" : 
"http://www.mono-project.com/Vulnerabilities" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=667077", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=667077" - }, - { - "name" : "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e", - "refsource" : "CONFIRM", - "url" : "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e" - }, - { - "name" : "47208", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47208" - }, - { - "name" : "44002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44002" - }, - { - "name" : "44076", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44076" - }, - { - "name" : "ADV-2011-0904", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0904" - }, - { - "name" : "momo-runtime-security-bypass(66624)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=667077", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077" + }, + { + "name": "47208", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47208" + }, + { + "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/06/14" + }, + { + "name": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e", + "refsource": "CONFIRM", + "url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e" + }, + { + "name": "44002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44002" + }, + { + "name": "http://www.mono-project.com/Vulnerabilities", + "refsource": "CONFIRM", + "url": "http://www.mono-project.com/Vulnerabilities" + }, + { + "name": "44076", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44076" + }, + { + "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update", + "refsource": "MLIST", + "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html" + }, + { + "name": "ADV-2011-0904", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0904" + }, + { + "name": "momo-runtime-security-bypass(66624)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1093.json b/2011/1xxx/CVE-2011-1093.json index 6da13b93a32..4faae902ca4 100644 --- a/2011/1xxx/CVE-2011-1093.json +++ b/2011/1xxx/CVE-2011-1093.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110308 CVE request: kernel: dccp: fix oops on Reset after close", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/08/4" - }, - { - "name" : "[oss-security] 20110308 Re: CVE request: kernel: dccp: fix oops on Reset after close", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/08/19" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=720dc34bbbe9493c7bd48b2243058b4e447a929d", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=720dc34bbbe9493c7bd48b2243058b4e447a929d" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=682954", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=682954" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100145416", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100145416" - }, - { - "name" : "RHSA-2011:0833", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-0833.html" - }, - { - "name" : "46793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=720dc34bbbe9493c7bd48b2243058b4e447a929d", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=720dc34bbbe9493c7bd48b2243058b4e447a929d" + }, + { + "name": "46793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46793" + }, + { + "name": "RHSA-2011:0833", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=682954", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=682954" + }, + { + "name": "[oss-security] 20110308 CVE request: kernel: dccp: fix oops on Reset after close", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/08/4" + }, + { + "name": "[oss-security] 20110308 Re: CVE request: kernel: dccp: fix oops on Reset after close", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/08/19" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100145416", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100145416" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1684.json b/2011/1xxx/CVE-2011-1684.json index f357bb5169b..501534c4cbe 100644 --- a/2011/1xxx/CVE-2011-1684.json +++ b/2011/1xxx/CVE-2011-1684.json 
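Review bot: In CVE-2011-1093.json the `CVE_data_meta` block changes `"ASSIGNER"` from `cve@mitre.org` to `secalert@redhat.com`, while every other changed line in the hunk is a spacing change or a reordering of `reference_data`. The same kind of change appears in CVE-2011-3361.json (to `secalert@redhat.com`), CVE-2011-3969.json (to `security@google.com`) and CVE-2011-4265.json (to `vultures@jpcert.or.jp`). This field records who is responsible for the record, so any consumer that groups or filters entries by assigner will see these records move. If the commit is meant as a formatting pass, the assigner updates belong in their own commit, or at least named in the commit message, so they can be audited separately from the whitespace noise.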
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110412 CVE id request: vlc", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/11/17" - }, - { - "name" : "[oss-security] 20110413 Re: CVE id request: vlc", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/13/17" - }, - { - "name" : "[oss-security] 20110413 Re: CVE id request: vlc", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/13/14" - }, - { - "name" : "http://git.videolan.org/?p=vlc.git;a=commit;h=5637ca8141bf39f263ecdb62035d2cb45c740821", - "refsource" : "CONFIRM", - "url" : 
"http://git.videolan.org/?p=vlc.git;a=commit;h=5637ca8141bf39f263ecdb62035d2cb45c740821" - }, - { - "name" : "http://www.videolan.org/security/sa1103.html", - "refsource" : "CONFIRM", - "url" : "http://www.videolan.org/security/sa1103.html" - }, - { - "name" : "DSA-2218", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2218" - }, - { - "name" : "47293", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47293" - }, - { - "name" : "oval:org.mitre.oval:def:14741", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14741" - }, - { - "name" : "1025373", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025373" - }, - { - "name" : "43890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43890" - }, - { - "name" : "44022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44022" - }, - { - "name" : "ADV-2011-0916", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0916" - }, - { - "name" : "ADV-2011-0954", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0954" - }, - { - "name" : "vlcmediaplayer-mp4readboxskcr-bo(66664)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14741", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14741" + }, + { + "name": "ADV-2011-0954", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0954" + }, + { + "name": "43890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43890" + }, + { + "name": "[oss-security] 20110412 CVE id request: vlc", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/11/17" + }, + { + "name": "44022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44022" + }, + { + "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=5637ca8141bf39f263ecdb62035d2cb45c740821", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=5637ca8141bf39f263ecdb62035d2cb45c740821" + }, + { + "name": "ADV-2011-0916", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0916" + }, + { + "name": "DSA-2218", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2218" + }, + { + "name": "[oss-security] 20110413 Re: CVE id request: vlc", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/13/17" + }, + { + "name": "vlcmediaplayer-mp4readboxskcr-bo(66664)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66664" + }, + { + "name": "47293", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47293" + }, + { + "name": "1025373", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025373" + }, + { + "name": "[oss-security] 20110413 Re: CVE id request: vlc", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/13/14" + }, + { + "name": 
"http://www.videolan.org/security/sa1103.html", + "refsource": "CONFIRM", + "url": "http://www.videolan.org/security/sa1103.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3361.json b/2011/3xxx/CVE-2011-3361.json index 55835d647ad..d3f830ce14a 100644 --- a/2011/3xxx/CVE-2011-3361.json +++ b/2011/3xxx/CVE-2011-3361.json 
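Review bot: The `reference_data` array in CVE-2011-1684.json is rewritten in a new order that appears to follow no key (OVAL, VUPEN, SECUNIA, MLIST, SECUNIA, CONFIRM, …), although the fourteen entries are the same as before. The other records in this diff are shuffled the same way, which makes it hard to tell a pure reorder from a hunk that actually adds or drops a reference. Emitting the array in a stable order, for example sorted by `refsource` and then `name`, would keep future diffs limited to real changes. The new side also ends with `\ No newline at end of file` where the old `}` had a trailing newline; keeping the final newline avoids one more spurious change per file.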
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a browse action to index.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[BackupPC-devel] 20110118 XSS's in Browse.pm", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_id=26919997" - }, - { - "name" : "[oss-security] 20110913 CVE Request: BackupPC 3.2.1 fixes cross site scripting", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/13/3" - }, - { - "name" : "[oss-security] 20110914 Re: CVE Request: BackupPC 3.2.1 fixes cross site scripting", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/14/7" - }, - { - "name" : "https://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_backuppc.html", - "refsource" : "MISC", - "url" : 
"https://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_backuppc.html" - }, - { - "name" : "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/ChangeLog?revision=1.60&view=markup", - "refsource" : "CONFIRM", - "url" : "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/ChangeLog?revision=1.60&view=markup" - }, - { - "name" : "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24", - "refsource" : "CONFIRM", - "url" : "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24" - }, - { - "name" : "USN-1249-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1249-1" - }, - { - "name" : "50406", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50406" - }, - { - "name" : "44259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44259" - }, - { - "name" : "46621", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46621" - }, - { - "name" : "backuppc-num-xss(71030)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a browse action to index.cgi." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[BackupPC-devel] 20110118 XSS's in Browse.pm", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_id=26919997" + }, + { + "name": "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/ChangeLog?revision=1.60&view=markup", + "refsource": "CONFIRM", + "url": "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/ChangeLog?revision=1.60&view=markup" + }, + { + "name": "https://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_backuppc.html", + "refsource": "MISC", + "url": "https://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_backuppc.html" + }, + { + "name": "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24", + "refsource": "CONFIRM", + "url": "http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24" + }, + { + "name": "backuppc-num-xss(71030)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71030" + }, + { + "name": "44259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44259" + }, + { + "name": "46621", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46621" + }, + { + "name": "USN-1249-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1249-1" + }, + { + "name": "[oss-security] 20110914 Re: CVE Request: BackupPC 3.2.1 fixes cross site scripting", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/14/7" + }, + { + "name": "50406", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50406" + }, + { + "name": "[oss-security] 20110913 CVE Request: BackupPC 3.2.1 fixes cross site scripting", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2011/09/13/3" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3692.json b/2011/3xxx/CVE-2011-3692.json index 3a954ccf137..7399efe9e10 100644 --- a/2011/3xxx/CVE-2011-3692.json +++ b/2011/3xxx/CVE-2011-3692.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base64 decoding step." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/NetSaro-Enterprise-Messenger-Vulnerability.html", - "refsource" : "MISC", - "url" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/NetSaro-Enterprise-Messenger-Vulnerability.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base64 decoding step." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/NetSaro-Enterprise-Messenger-Vulnerability.html", + "refsource": "MISC", + "url": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/NetSaro-Enterprise-Messenger-Vulnerability.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3969.json b/2011/3xxx/CVE-2011-3969.json index 2a39319333f..0add11220f6 100644 --- a/2011/3xxx/CVE-2011-3969.json +++ b/2011/3xxx/CVE-2011-3969.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=110112", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=110112" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : 
"CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:14917", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:14917", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14917" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=110112", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=110112" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4265.json b/2011/4xxx/CVE-2011-4265.json index e5eb6213f1e..82c260371e5 100644 --- a/2011/4xxx/CVE-2011-4265.json +++ b/2011/4xxx/CVE-2011-4265.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-4265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#70502960", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN70502960/index.html" - }, - { - "name" : "JVNDB-2011-000103", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#70502960", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN70502960/index.html" + }, + { + "name": "JVNDB-2011-000103", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000103" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4710.json b/2011/4xxx/CVE-2011-4710.json index 24b453dd455..a281833e0b1 100644 --- a/2011/4xxx/CVE-2011-4710.json +++ b/2011/4xxx/CVE-2011-4710.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18115", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18115", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18115" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4738.json b/2011/4xxx/CVE-2011-4738.json index 59417cbe78c..6c9f87a556f 100644 --- a/2011/4xxx/CVE-2011-4738.json +++ b/2011/4xxx/CVE-2011-4738.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by get_password.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html" - }, - { - "name" : "plesk-httponly-info-disc(72321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by get_password.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html" + }, + { + "name": "plesk-httponly-info-disc(72321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72321" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4739.json b/2011/4xxx/CVE-2011-4739.json index d3bf2f37ef6..a149ab6b1f4 100644 --- a/2011/4xxx/CVE-2011-4739.json +++ b/2011/4xxx/CVE-2011-4739.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html" - }, - { - "name" : "plesk-password-form-sec-bypass(72320)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "plesk-password-form-sec-bypass(72320)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72320" + }, + { + "name": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5437.json b/2013/5xxx/CVE-2013-5437.json index 1ed6c9df6c1..99072ef5ee8 100644 --- a/2013/5xxx/CVE-2013-5437.json +++ b/2013/5xxx/CVE-2013-5437.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5437", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5437", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5455.json b/2013/5xxx/CVE-2013-5455.json index 6f2873010f0..d99fdc25ac9 100644 --- a/2013/5xxx/CVE-2013-5455.json +++ b/2013/5xxx/CVE-2013-5455.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems[#].delete command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21657949", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21657949" - }, - { - "name" : "smartcloud-provisioning-cve20135455-cli(88254)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a 
deletion using a deployer.virtualsystems[#].delete command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21657949", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657949" + }, + { + "name": "smartcloud-provisioning-cve20135455-cli(88254)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88254" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5617.json b/2013/5xxx/CVE-2013-5617.json index d648e8b58e8..1dd8568d939 100644 --- a/2013/5xxx/CVE-2013-5617.json +++ b/2013/5xxx/CVE-2013-5617.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5617", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5617", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2218.json b/2014/2xxx/CVE-2014-2218.json index dc94d4556ee..f3d2204200c 100644 --- a/2014/2xxx/CVE-2014-2218.json 
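Review bot: The `"ASSIGNER"` value in the CVE-2013-5455 hunk changes from `cve@mitre.org` to `psirt@us.ibm.com`, but it sits inside a whole-file rewrite that otherwise only normalises `" : "` to `": "` (and apparently the indentation), so the one semantic change is easy to miss in review. The same pattern appears in the hunks for CVE-2014-2790 (`secure@microsoft.com`), CVE-2014-2885 (`secalert@redhat.com`) and CVE-2014-6539 (`secalert_us@oracle.com`). Consumers may use this field to attribute or route a record, so I would land the assigner updates in a separate commit from the formatting pass, or at least list the affected IDs in the commit message. The new side of each file also ends with `\ No newline at end of file` where the old side had a final newline; keeping the newline would avoid another whole-file diff later.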
+++ b/2014/2xxx/CVE-2014-2218.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2218", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2218", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2257.json b/2014/2xxx/CVE-2014-2257.json index a1d790dc1ef..7ffc18240af 100644 --- a/2014/2xxx/CVE-2014-2257.json +++ b/2014/2xxx/CVE-2014-2257.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" - }, - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP 
packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2291.json b/2014/2xxx/CVE-2014-2291.json index a43862def40..2e637dd2aec 100644 --- a/2014/2xxx/CVE-2014-2291.json +++ b/2014/2xxx/CVE-2014-2291.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10617", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10617" - }, - { - "name" : "57375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57375" - }, - { - "name" : "juniper-junos-cve20142291-xss(91770)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "juniper-junos-cve20142291-xss(91770)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91770" + }, + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10617", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10617" + }, + { + "name": "57375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57375" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2322.json b/2014/2xxx/CVE-2014-2322.json index 9199ce92407..cde261b7b06 100644 --- a/2014/2xxx/CVE-2014-2322.json +++ b/2014/2xxx/CVE-2014-2322.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140310 Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/10/8" - }, - { - "name" : "[oss-security] 20140312 Re: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/12/6" - }, - { - "name" : "http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html", - "refsource" : "MISC", - "url" : "http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html", + "refsource": "MISC", + "url": "http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html" + }, + { + "name": "[oss-security] 20140310 Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/10/8" + }, + { + "name": "[oss-security] 20140312 Re: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/12/6" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2790.json b/2014/2xxx/CVE-2014-2790.json index 3bfd528bbde..90212676a1c 100644 --- a/2014/2xxx/CVE-2014-2790.json +++ b/2014/2xxx/CVE-2014-2790.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2787, CVE-2014-2802, and CVE-2014-2806." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" - }, - { - "name" : "68375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68375" - }, - { - "name" : "1030532", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030532" - }, - { - "name" : "59775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2787, CVE-2014-2802, and CVE-2014-2806." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" + }, + { + "name": "59775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59775" + }, + { + "name": "1030532", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030532" + }, + { + "name": "68375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68375" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2885.json b/2014/2xxx/CVE-2014-2885.json index 1951bbb41d4..2a7658e29e4 100644 --- a/2014/2xxx/CVE-2014-2885.json +++ b/2014/2xxx/CVE-2014-2885.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-2885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140417 Re: TrueCrypt audit report", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/04/17/7" - }, - { - "name" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf", - "refsource" : "MISC", - "url" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf", + "refsource": "MISC", + "url": "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf" + }, + { + "name": "[oss-security] 20140417 Re: TrueCrypt audit report", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/04/17/7" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6024.json b/2014/6xxx/CVE-2014-6024.json index 20aeb6ab2f6..f11a060e913 100644 --- a/2014/6xxx/CVE-2014-6024.json +++ b/2014/6xxx/CVE-2014-6024.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Flurry library before 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html", - "refsource" : "MISC", - "url" : "http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html" - }, - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#208585", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/208585" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : 
"http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Flurry library before 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html", + "refsource": "MISC", + "url": "http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html" + }, + { + "name": "VU#208585", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/208585" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6269.json b/2014/6xxx/CVE-2014-6269.json index 09429ed3205..e43d3247ef9 100644 --- a/2014/6xxx/CVE-2014-6269.json +++ b/2014/6xxx/CVE-2014-6269.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[haproxy] 20140805 segfault in http_skip_chunk_crlf after 16G of data has passed through haproxy", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.web.haproxy/17726" - }, - { - "name" : "[haproxy] 20140902 [ANNOUNCE] haproxy-1.5.4", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.web.haproxy/18097" - }, - { - "name" : "[oss-security] 20140909 Re: CVE Request: haproxy read out of bounds", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/09/23" - }, - { - "name" : "http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c", - 
"refsource" : "CONFIRM", - "url" : "http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c" - }, - { - "name" : "RHSA-2014:1292", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1292.html" - }, - { - "name" : "59936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59936" - }, - { - "name" : "61507", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[haproxy] 20140805 segfault in http_skip_chunk_crlf after 16G of data has passed through haproxy", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.web.haproxy/17726" + }, + { + "name": "61507", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61507" + }, + { + "name": "59936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59936" + }, + { + "name": "http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c", + "refsource": "CONFIRM", + "url": "http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c" + }, + { + "name": "[haproxy] 20140902 [ANNOUNCE] haproxy-1.5.4", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.web.haproxy/18097" + }, + { + "name": "[oss-security] 20140909 Re: CVE Request: haproxy read out of bounds", + 
"refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/09/23" + }, + { + "name": "RHSA-2014:1292", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1292.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6539.json b/2014/6xxx/CVE-2014-6539.json index c64756e9752..f6a65cab7f7 100644 --- a/2014/6xxx/CVE-2014-6539.json +++ b/2014/6xxx/CVE-2014-6539.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to LOV, a different vulnerability than CVE-2014-6472." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70450", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70450" - }, - { - "name" : "1031042", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031042" - }, - { - "name" : "61725", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61725" - }, - { - "name" : "61781", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61781" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to LOV, a different vulnerability than CVE-2014-6472." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61781", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61781" + }, + { + "name": "1031042", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031042" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "61725", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61725" + }, + { + "name": "70450", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70450" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6790.json b/2014/6xxx/CVE-2014-6790.json index 1297c62a8b9..a88a4b64854 100644 --- a/2014/6xxx/CVE-2014-6790.json +++ b/2014/6xxx/CVE-2014-6790.json 
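Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert_us@oracle.com` inside a hunk that is otherwise whitespace normalisation and a reordering of `reference_data`, so a real metadata change is easy to miss in review. The same pattern appears in the hunks for CVE-2014-6790 (`cert@cert.org`) and for CVE-2017-0502 and CVE-2017-0520 (`security@android.com`). Tooling that attributes records to a CNA by `ASSIGNER` will see these as data changes, so they would be easier to audit in a commit separate from the formatting pass, or at least named in the commit message (not visible here). The new side also ends with `\ No newline at end of file`; keeping the trailing newline would avoid a spurious one-line diff the next time these files are regenerated.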
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The INVEX (aka com.mobilatolye.keyinternet) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#599393", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/599393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The INVEX (aka com.mobilatolye.keyinternet) 
application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#599393", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/599393" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7867.json b/2014/7xxx/CVE-2014-7867.json index 1fd126b0494..38a281f12b1 100644 --- a/2014/7xxx/CVE-2014-7867.json +++ b/2014/7xxx/CVE-2014-7867.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix", - "refsource" : "CONFIRM", - "url" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote 
attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix", + "refsource": "CONFIRM", + "url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0014.json b/2017/0xxx/CVE-2017-0014.json index 08e94e95ba6..39995e21701 100644 --- a/2017/0xxx/CVE-2017-0014.json +++ b/2017/0xxx/CVE-2017-0014.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Graphics Component", - "version" : { - "version_data" : [ - { - "version_value" : "The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Windows Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0108." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Graphics Component", + "version": { + "version_data": [ + { + "version_value": "The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-9/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-9/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014" - }, - { - "name" : "96013", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96013" - }, - { - "name" : "1038002", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Windows Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that 
described in CVE-2017-0108." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96013", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96013" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014" + }, + { + "name": "1038002", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038002" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-9/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-9/" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0124.json b/2017/0xxx/CVE-2017-0124.json index c3b39ca9de0..bb859770df2 100644 --- a/2017/0xxx/CVE-2017-0124.json +++ b/2017/0xxx/CVE-2017-0124.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Uniscribe", - "version" : { - "version_data" : [ - { - "version_value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Uniscribe", + "version": { + "version_data": [ + { + "version_value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41655", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41655/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0124", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0124" - }, - { - "name" : "96670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96670" - }, - { - "name" : "1037992", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96670" + }, + { + "name": "1037992", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037992" + }, + { + "name": "41655", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41655/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0124", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0124" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0174.json b/2017/0xxx/CVE-2017-0174.json index e26725f98f3..bb90d179e08 100644 --- a/2017/0xxx/CVE-2017-0174.json +++ b/2017/0xxx/CVE-2017-0174.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-0174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka \"Windows NetBIOS Denial of Service Vulnerability\"." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-0174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0174", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0174" - }, - { - "name" : "100038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100038" - }, - { - "name" : "1039109", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka \"Windows NetBIOS Denial of Service Vulnerability\"." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100038" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0174", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0174" + }, + { + "name": "1039109", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039109" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0502.json b/2017/0xxx/CVE-2017-0502.json index 586af9b2282..38c127726e8 100644 --- a/2017/0xxx/CVE-2017-0502.json +++ b/2017/0xxx/CVE-2017-0502.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430164. References: M-ALPS02710027." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96726" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430164. References: M-ALPS02710027." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96726" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0520.json b/2017/0xxx/CVE-2017-0520.json index 997ff6ff0b4..b4f27aea377 100644 --- a/2017/0xxx/CVE-2017-0520.json +++ b/2017/0xxx/CVE-2017-0520.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750232. References: QC-CR#1082636." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd" - }, - { - "name" : "96804", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96804" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750232. References: QC-CR#1082636." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd" + }, + { + "name": "96804", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96804" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000030.json b/2017/1000xxx/CVE-2017-1000030.json index 3b59fd477ac..bdd95e1e841 100644 --- a/2017/1000xxx/CVE-2017-1000030.json +++ b/2017/1000xxx/CVE-2017-1000030.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.279652", - "ID" : "CVE-2017-1000030", - "REQUESTER" : "pkarolak@trustwave.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GlassFish Server Open Source Edition", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.1 (build 22)" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Java Key Store Password Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.279652", + "ID": "CVE-2017-1000030", + "REQUESTER": "pkarolak@trustwave.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037", + "refsource": "MISC", + "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000403.json b/2017/1000xxx/CVE-2017-1000403.json index 19d2b92e126..73a97f894a1 100644 --- a/2017/1000xxx/CVE-2017-1000403.json +++ b/2017/1000xxx/CVE-2017-1000403.json 
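Review bot: The new side of this hunk replaces the structured `affects` data with placeholders: `"product_name": "GlassFish Server Open Source Edition"`, `"version_value": "3.0.1 (build 22)"` and `"vendor_name": "Oracle Corporation"` all become `"n/a"`, and the `problemtype` value `"Java Key Store Password Disclosure"` becomes `"n/a"`. After the change the affected product and version survive only in the free-text `description`, so scanners and inventory matchers that read `vendor_data` and `product_data` no longer match this record. The hunk for CVE-2017-1000403 does the same to `"Jenkins Speaks! Plugin"`, `"all versions"` and `"Arbitrary Code Execution"`. Both hunks also change `ASSIGNER` from `cve-assign@distributedweaknessfiling.org` to `cve@mitre.org`, so the loss may be a side effect of regenerating the records under a different assigner; that cannot be confirmed from the diff, and the original field values should be kept unless dropping them is deliberate.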
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-11-17", - "ID" : "CVE-2017-1000403", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Speaks! Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "all versions" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Speaks! Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-11-17", + "ID": "CVE-2017-1000403", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-10-11/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-10-11/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins Speaks! 
Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-10-11/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-10-11/" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18206.json b/2017/18xxx/CVE-2017-18206.json index 6b2a00ef8ab..f3d2f82d1d9 100644 --- a/2017/18xxx/CVE-2017-18206.json +++ b/2017/18xxx/CVE-2017-18206.json 
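Review bot: The new side of CVE-2017-1000403.json replaces populated fields with placeholders: `"product_name"` and `"vendor_name"` go from `"Jenkins Speaks! Plugin"` to `"n/a"`, `"version_value"` from `"all versions"` to `"n/a"`, and the `problemtype` value from `"Arbitrary Code Execution"` to `"n/a"`, while `ASSIGNER` changes to `cve@mitre.org`. Everything else in the hunk is a spacing change, so this looks like an unintended regression rather than a correction. Tooling that matches records on vendor/product or problem type would no longer pick up this entry. I would keep `"product_name": "Jenkins Speaks! Plugin"`, `"version_value": "all versions"` and `"value": "Arbitrary Code Execution"` on the new side. The new file also ends without a trailing newline (`\ No newline at end of file`), as do the other files in this diff.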
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In utils.c in zsh before 5.4, symlink expansion had a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d" - }, - { - "name" : "GLSA-201805-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201805-10" - }, - { - "name" : "RHSA-2018:1932", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1932" - }, - { - "name" : "RHSA-2018:3073", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3073" - }, - { - "name" : "USN-3593-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3593-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In utils.c in 
zsh before 5.4, symlink expansion had a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3593-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3593-1/" + }, + { + "name": "GLSA-201805-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201805-10" + }, + { + "name": "RHSA-2018:1932", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1932" + }, + { + "name": "https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d", + "refsource": "MISC", + "url": "https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d" + }, + { + "name": "RHSA-2018:3073", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3073" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1772.json b/2017/1xxx/CVE-2017-1772.json index 4afcd838a31..3fc421b76ed 100644 --- a/2017/1xxx/CVE-2017-1772.json +++ b/2017/1xxx/CVE-2017-1772.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-03-30T00:00:00", - "ID" : "CVE-2017-1772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MobileFirst Platform Foundation", - "version" : { - "version_data" : [ - { - "version_value" : "6.3" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136786." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "N", - "S" : "C", - "SCORE" : "6.100", - "UI" : "R" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-03-30T00:00:00", + "ID": "CVE-2017-1772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MobileFirst Platform Foundation", + "version": { + "version_data": [ + { + "version_value": "6.3" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136786", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136786" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000369", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000369" - }, - { - "name" : "103735", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136786." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "N", + "S": "C", + "SCORE": "6.100", + "UI": "R" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103735", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103735" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136786", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136786" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000369", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000369" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1775.json b/2017/1xxx/CVE-2017-1775.json index 2752502d467..dab9afa60d5 100644 --- a/2017/1xxx/CVE-2017-1775.json +++ b/2017/1xxx/CVE-2017-1775.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1775",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1775",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1785.json b/2017/1xxx/CVE-2017-1785.json
index 1f300db7af2..b6e96a27e62 100644
--- a/2017/1xxx/CVE-2017-1785.json
+++ b/2017/1xxx/CVE-2017-1785.json
@@ -1,80 +1,80 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@us.ibm.com",
- "DATE_PUBLIC" : "2018-02-02T00:00:00",
- "ID" : "CVE-2017-1785",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "API Connect",
- "version" : {
- "version_data" : [
- {
- "version_value" : "5.0.7.0"
- },
- {
- "version_value" : "5.0.7.1"
- },
- {
- "version_value" : "5.0.7.2"
- },
- {
- "version_value" : "5.0.8.0"
- },
- {
- "version_value" : "5.0.8.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "IBM"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Obtain Information"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "DATE_PUBLIC": "2018-02-02T00:00:00",
+ "ID": "CVE-2017-1785",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "API Connect",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.0.7.0"
+ },
+ {
+ "version_value": "5.0.7.1"
+ },
+ {
+ "version_value": "5.0.7.2"
+ },
+ {
+ "version_value": "5.0.8.0"
+ },
+ {
+ "version_value": "5.0.8.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "IBM"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136859",
- "refsource" : "MISC",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136859"
- },
- {
- "name" : "http://www.ibm.com/support/docview.wss?uid=swg22013061",
- "refsource" : "CONFIRM",
- "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013061"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Obtain Information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136859",
+ "refsource": "MISC",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136859"
+ },
+ {
+ "name": "http://www.ibm.com/support/docview.wss?uid=swg22013061",
+ "refsource": "CONFIRM",
+ "url": "http://www.ibm.com/support/docview.wss?uid=swg22013061"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4128.json b/2017/4xxx/CVE-2017-4128.json
index 1048039b005..d0c39d55061 100644
--- a/2017/4xxx/CVE-2017-4128.json
+++ b/2017/4xxx/CVE-2017-4128.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4128",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4128",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5940.json b/2017/5xxx/CVE-2017-5940.json
index 02e47df895a..4a7f1ad9456 100644
--- a/2017/5xxx/CVE-2017-5940.json
+++ b/2017/5xxx/CVE-2017-5940.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openwall.com/lists/oss-security/2017/01/31/16", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/31/16" - }, - { - "name" : "https://firejail.wordpress.com/download-2/release-notes/", - "refsource" : "MISC", - "url" : "https://firejail.wordpress.com/download-2/release-notes/" - }, - { - "name" : "https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f", - "refsource" : "MISC", - "url" : 
"https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f" - }, - { - "name" : "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef", - "refsource" : "MISC", - "url" : "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef" - }, - { - "name" : "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863", - "refsource" : "MISC", - "url" : "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863" - }, - { - "name" : "GLSA-201702-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-03" - }, - { - "name" : "96221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863", + "refsource": "MISC", + "url": "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863" + }, + { + "name": "GLSA-201702-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-03" + }, + { + "name": "https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f", + "refsource": "MISC", + "url": "https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f" + }, + { + "name": "https://firejail.wordpress.com/download-2/release-notes/", + "refsource": "MISC", + "url": "https://firejail.wordpress.com/download-2/release-notes/" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2017/01/31/16", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2017/01/31/16" + }, + { + "name": "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef", + "refsource": "MISC", + "url": "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef" + }, + { + "name": "96221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96221" + } + ] + } +} \ No newline at end of file