From 3d570e869683ad413c42cd7f712d930e6aadecfd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 03:07:42 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/1xxx/CVE-2001-1135.json | 170 ++++++------- 2001/1xxx/CVE-2001-1234.json | 160 ++++++------- 2001/1xxx/CVE-2001-1592.json | 34 +-- 2006/2xxx/CVE-2006-2113.json | 190 +++++++-------- 2006/2xxx/CVE-2006-2428.json | 170 ++++++------- 2006/3xxx/CVE-2006-3567.json | 190 +++++++-------- 2006/6xxx/CVE-2006-6096.json | 140 +++++------ 2006/6xxx/CVE-2006-6161.json | 150 ++++++------ 2006/6xxx/CVE-2006-6508.json | 150 ++++++------ 2006/6xxx/CVE-2006-6847.json | 150 ++++++------ 2006/7xxx/CVE-2006-7231.json | 130 +++++----- 2011/0xxx/CVE-2011-0069.json | 220 ++++++++--------- 2011/0xxx/CVE-2011-0214.json | 130 +++++----- 2011/0xxx/CVE-2011-0564.json | 150 ++++++------ 2011/0xxx/CVE-2011-0674.json | 220 ++++++++--------- 2011/1xxx/CVE-2011-1236.json | 220 ++++++++--------- 2011/2xxx/CVE-2011-2048.json | 34 +-- 2011/2xxx/CVE-2011-2803.json | 160 ++++++------- 2011/3xxx/CVE-2011-3372.json | 200 ++++++++-------- 2011/3xxx/CVE-2011-3793.json | 140 +++++------ 2011/3xxx/CVE-2011-3979.json | 190 +++++++-------- 2011/4xxx/CVE-2011-4289.json | 140 +++++------ 2011/4xxx/CVE-2011-4453.json | 140 +++++------ 2011/4xxx/CVE-2011-4576.json | 370 ++++++++++++++--------------- 2011/4xxx/CVE-2011-4626.json | 34 +-- 2011/4xxx/CVE-2011-4725.json | 130 +++++----- 2011/4xxx/CVE-2011-4746.json | 120 +++++----- 2013/1xxx/CVE-2013-1894.json | 34 +-- 2013/5xxx/CVE-2013-5205.json | 34 +-- 2013/5xxx/CVE-2013-5444.json | 130 +++++----- 2013/5xxx/CVE-2013-5780.json | 360 ++++++++++++++-------------- 2013/5xxx/CVE-2013-5902.json | 260 ++++++++++---------- 2014/2xxx/CVE-2014-2017.json | 130 +++++----- 2014/2xxx/CVE-2014-2020.json | 140 +++++------ 2014/2xxx/CVE-2014-2746.json | 170 ++++++------- 2014/2xxx/CVE-2014-2771.json | 140 +++++------ 2014/2xxx/CVE-2014-2825.json | 160 ++++++------- 2014/6xxx/CVE-2014-6059.json | 34 +-- 2014/6xxx/CVE-2014-6178.json | 150 ++++++------ 2014/6xxx/CVE-2014-6543.json | 150 ++++++------ 2014/6xxx/CVE-2014-6789.json | 140 +++++------ 2014/6xxx/CVE-2014-6878.json | 140 +++++------ 2014/6xxx/CVE-2014-6903.json | 140 +++++------ 2014/7xxx/CVE-2014-7991.json | 170 ++++++------- 2017/0xxx/CVE-2017-0228.json | 150 ++++++------ 2017/0xxx/CVE-2017-0243.json | 142 +++++------ 2017/0xxx/CVE-2017-0305.json | 120 +++++----- 2017/0xxx/CVE-2017-0416.json | 176 +++++++------- 2017/0xxx/CVE-2017-0907.json | 142 +++++------ 2017/1000xxx/CVE-2017-1000024.json | 124 +++++----- 2017/1000xxx/CVE-2017-1000430.json | 124 +++++----- 2017/18xxx/CVE-2017-18296.json | 140 +++++------ 2017/1xxx/CVE-2017-1529.json | 34 +-- 2017/1xxx/CVE-2017-1796.json | 34 +-- 2017/1xxx/CVE-2017-1927.json | 34 +-- 2017/1xxx/CVE-2017-1998.json | 34 +-- 2017/4xxx/CVE-2017-4011.json | 130 +++++----- 2017/4xxx/CVE-2017-4048.json | 34 +-- 2017/4xxx/CVE-2017-4238.json | 34 +-- 2017/4xxx/CVE-2017-4666.json | 34 +-- 2017/5xxx/CVE-2017-5921.json | 34 +-- 61 files changed, 4117 insertions(+), 4117 deletions(-) diff --git a/2001/1xxx/CVE-2001-1135.json b/2001/1xxx/CVE-2001-1135.json index f7396a9cb24..6ad742e8eb3 100644 --- a/2001/1xxx/CVE-2001-1135.json +++ b/2001/1xxx/CVE-2001-1135.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010814 Fwd: ZyXEL Prestige 642 Router Administration Interface Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/204439" - }, - { - "name" : "20010810 Re: ZyXEL Prestige 642R: Exposed Admin Services on WAN with Default Password", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/203592" - }, - { - "name" : "20010809 ZyXEL Prestige 642R: Exposed Admin Services on WAN with Default Password", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/203022" - }, - { - "name" : "20010918 SECURITY RISK: ZyXEL ADSL Router 642R - WAN filter bypass from internal network", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/214971" - }, - { - "name" : "3346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3346" - }, - { - "name" : "prestige-wan-bypass-filter(7146)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010810 Re: ZyXEL Prestige 642R: Exposed Admin Services on WAN with Default Password", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/203592" + }, + { + "name": "prestige-wan-bypass-filter(7146)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7146" + }, + { + "name": "20010809 ZyXEL Prestige 642R: Exposed Admin Services on WAN with Default Password", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/203022" + }, + { + "name": "20010918 SECURITY RISK: ZyXEL ADSL Router 642R - WAN filter bypass from internal network", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/214971" + }, + { + "name": "3346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3346" + }, + { + "name": "20010814 Fwd: ZyXEL Prestige 642 Router Administration Interface Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/204439" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1234.json b/2001/1xxx/CVE-2001-1234.json index 71575b239f4..825c6c7f455 100644 --- a/2001/1xxx/CVE-2001-1234.json +++ b/2001/1xxx/CVE-2001-1234.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011002 results of semi-automatic source code audit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html" - }, - { - "name" : "http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz" - }, - { - "name" : "3397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3397" - }, - { - "name" : "php-includedir-code-execution(7215)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7215.php" - }, - { - "name" : "1967", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011002 results of semi-automatic source code audit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html" + }, + { + "name": "php-includedir-code-execution(7215)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7215.php" + }, + { + "name": "3397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3397" + }, + { + "name": "1967", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1967" + }, + { + "name": "http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz", + "refsource": "CONFIRM", + "url": "http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1592.json b/2001/1xxx/CVE-2001-1592.json index 9822269f86a..c5a0308c97f 100644 --- a/2001/1xxx/CVE-2001-1592.json +++ b/2001/1xxx/CVE-2001-1592.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1592", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1592", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2113.json b/2006/2xxx/CVE-2006-2113.json index 0c8f7056b9f..f0767cf06bf 100644 --- a/2006/2xxx/CVE-2006-2113.json +++ b/2006/2xxx/CVE-2006-2113.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060825 Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilitie", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=115652437223454&w=2" - }, - { - "name" : "20060825 Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444321/100/0/threaded" - }, - { - "name" : "http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities", - "refsource" : "MISC", - "url" : "http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities" - }, - { - "name" : "19716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19716" - }, - { - "name" : "ADV-2006-3401", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3401" - }, - { - "name" : "28250", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28250" - }, - { - "name" : "21630", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21630" - }, - { - "name" : "22463", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3401", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3401" + }, + { + "name": "19716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19716" + }, + { + "name": "28250", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28250" + }, + { + "name": "21630", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21630" + }, + { + "name": "20060825 Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilitie", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=115652437223454&w=2" + }, + { + "name": "http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities", + "refsource": "MISC", + "url": "http://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities" + }, + { + "name": "20060825 Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444321/100/0/threaded" + }, + { + "name": "22463", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22463" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2428.json b/2006/2xxx/CVE-2006-2428.json index 32f3a850dba..98cc4441e26 100644 --- a/2006/2xxx/CVE-2006-2428.json +++ b/2006/2xxx/CVE-2006-2428.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060510 # MHG Security Team --- Gallery Upload Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433894/100/0/threaded" - }, - { - "name" : "17993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17993" - }, - { - "name" : "ADV-2006-1825", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1825" - }, - { - "name" : "20102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20102" - }, - { - "name" : "911", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/911" - }, - { - "name" : "dubanner-add-file-upload(26457)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20102" + }, + { + "name": "dubanner-add-file-upload(26457)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26457" + }, + { + "name": "911", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/911" + }, + { + "name": "17993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17993" + }, + { + "name": "ADV-2006-1825", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1825" + }, + { + "name": "20060510 # MHG Security Team --- Gallery Upload Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433894/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3567.json b/2006/3xxx/CVE-2006-3567.json index dd95d61e290..52bfcf3cfc2 100644 --- a/2006/3xxx/CVE-2006-3567.json +++ b/2006/3xxx/CVE-2006-3567.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060710 Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439758/100/0/threaded" - }, - { - "name" : "18926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18926" - }, - { - "name" : "ADV-2006-2741", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2741" - }, - { - "name" : "27131", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27131" - }, - { - "name" : "1016462", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016462" - }, - { - "name" : "20990", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20990" - }, - { - "name" : "1218", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1218" - }, - { - "name" : "juniper-networks-logging-xss(27645)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016462", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016462" + }, + { + "name": "ADV-2006-2741", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2741" + }, + { + "name": "1218", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1218" + }, + { + "name": "20060710 Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439758/100/0/threaded" + }, + { + "name": "18926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18926" + }, + { + "name": "27131", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27131" + }, + { + "name": "juniper-networks-logging-xss(27645)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27645" + }, + { + "name": "20990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20990" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6096.json b/2006/6xxx/CVE-2006-6096.json index 9aa9e90396a..58d3075b889 100644 --- a/2006/6xxx/CVE-2006-6096.json +++ b/2006/6xxx/CVE-2006-6096.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061118 [Aria-Security's Research Team] ActiveNews Manager SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116387481223790&w=2" - }, - { - "name" : "http://www.aria-security.com/forum/showthread.php?t=33", - "refsource" : "MISC", - "url" : "http://www.aria-security.com/forum/showthread.php?t=33" - }, - { - "name" : "21167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21167" + }, + { + "name": "20061118 [Aria-Security's Research Team] ActiveNews Manager SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116387481223790&w=2" + }, + { + "name": "http://www.aria-security.com/forum/showthread.php?t=33", + "refsource": "MISC", + "url": "http://www.aria-security.com/forum/showthread.php?t=33" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6161.json b/2006/6xxx/CVE-2006-6161.json index 8910c3db642..92a43546425 100644 --- a/2006/6xxx/CVE-2006-6161.json +++ b/2006/6xxx/CVE-2006-6161.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7493", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7493" - }, - { - "name" : "32884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32884" - }, - { - "name" : "ADV-2006-4704", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4704" - }, - { - "name" : "liberumhelpdesk-forgotpass-sql-injection(47420)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7493", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7493" + }, + { + "name": "32884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32884" + }, + { + "name": "ADV-2006-4704", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4704" + }, + { + "name": "liberumhelpdesk-forgotpass-sql-injection(47420)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47420" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6508.json b/2006/6xxx/CVE-2006-6508.json index b9537cc7c34..eb42aef8138 100644 --- a/2006/6xxx/CVE-2006-6508.json +++ b/2006/6xxx/CVE-2006-6508.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1488", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1488" - }, - { - "name" : "23283", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23283" - }, - { - "name" : "28871", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28871" - }, - { - "name" : "phpbb-message-csrf(30786)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpbb-message-csrf(30786)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30786" + }, + { + "name": "28871", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28871" + }, + { + "name": "DSA-1488", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1488" + }, + { + "name": "23283", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23283" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6847.json b/2006/6xxx/CVE-2006-6847.json index f26b0751a86..09f3755bef8 100644 --- a/2006/6xxx/CVE-2006-6847.json +++ b/2006/6xxx/CVE-2006-6847.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/21802.html", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/21802.html" - }, - { - "name" : "3030", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3030" - }, - { - "name" : "21802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21802" - }, - { - "name" : "realplayer-ierpplug-dos(31141)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21802" + }, + { + "name": "realplayer-ierpplug-dos(31141)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31141" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/21802.html", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/21802.html" + }, + { + "name": "3030", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3030" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7231.json b/2006/7xxx/CVE-2006-7231.json index 4d50d47b8c0..f7fcd9a0591 100644 --- a/2006/7xxx/CVE-2006-7231.json +++ b/2006/7xxx/CVE-2006-7231.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in display.asp in Civica Software Civica allows remote attackers to execute arbitrary SQL commands via the Entry parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20354", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20354" - }, - { - "name" : "civica-display-sql-injection(40305)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in display.asp in Civica Software Civica allows remote attackers to execute arbitrary SQL commands via the Entry parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20354", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20354" + }, + { + "name": "civica-display-sql-injection(40305)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40305" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0069.json b/2011/0xxx/CVE-2011-0069.json index f8b29580fc2..a521cce627e 100644 --- a/2011/0xxx/CVE-2011-0069.json +++ b/2011/0xxx/CVE-2011-0069.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=644069", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=644069" - }, - { - "name" : "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird", - "refsource" : "CONFIRM", - "url" : "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100144158", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100144158" - }, - { - "name" : "DSA-2227", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2227" - }, - { - "name" : "DSA-2228", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2228" - }, - { - "name" : "DSA-2235", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2235" - }, - { - "name" : "MDVSA-2011:080", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" - }, - { - "name" : "MDVSA-2011:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" - }, - { - "name" : "47656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47656" - }, - { - "name" : "oval:org.mitre.oval:def:14065", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2228", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2228" + }, + { + "name": "oval:org.mitre.oval:def:14065", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14065" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=644069", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=644069" + }, + { + "name": "MDVSA-2011:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" + }, + { + "name": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird", + "refsource": "CONFIRM", + "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird" + }, + { + "name": "DSA-2235", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2235" + }, + { + "name": "47656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47656" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html" + }, + { + "name": "MDVSA-2011:080", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" + }, + { + "name": "DSA-2227", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2227" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100144158", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100144158" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0214.json b/2011/0xxx/CVE-2011-0214.json index 56d0bcb6481..1a0eb49e796 100644 --- a/2011/0xxx/CVE-2011-0214.json +++ b/2011/0xxx/CVE-2011-0214.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0564.json b/2011/0xxx/CVE-2011-0564.json index e3c5ead7e78..854cc2f5887 100644 --- a/2011/0xxx/CVE-2011-0564.json +++ b/2011/0xxx/CVE-2011-0564.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html" - }, - { - "name" : "oval:org.mitre.oval:def:12548", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12548" - }, - { - "name" : "1025033", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025033" - }, - { - "name" : "ADV-2011-0337", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0337", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0337" + }, + { + "name": "oval:org.mitre.oval:def:12548", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12548" + }, + { + "name": "1025033", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025033" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0674.json b/2011/0xxx/CVE-2011-0674.json index 8938c80aa03..ce78323a6b4 100644 --- a/2011/0xxx/CVE-2011-0674.json +++ b/2011/0xxx/CVE-2011-0674.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, - { - "name" : "MS11-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47209" - }, - { - "name" : "71747", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71747" - }, - { - "name" : "oval:org.mitre.oval:def:11708", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11708" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - }, - { - "name" : "mswin-win32k-var9-priv-escalation(66403)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "71747", + "refsource": "OSVDB", + "url": "http://osvdb.org/71747" + }, + { + "name": "oval:org.mitre.oval:def:11708", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11708" + }, + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "mswin-win32k-var9-priv-escalation(66403)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66403" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "47209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47209" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1236.json b/2011/1xxx/CVE-2011-1236.json index de35cf213cc..fd881c02114 100644 --- a/2011/1xxx/CVE-2011-1236.json +++ b/2011/1xxx/CVE-2011-1236.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, - { - "name" : "MS11-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47213" - }, - { - "name" : "71751", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71751" - }, - { - "name" : "oval:org.mitre.oval:def:12478", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12478" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - }, - { - "name" : "mswin-win32k-var24-priv-escalation(66418)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "oval:org.mitre.oval:def:12478", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12478" + }, + { + "name": "47213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47213" + }, + { + "name": "mswin-win32k-var24-priv-escalation(66418)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66418" + }, + { + "name": "71751", + "refsource": "OSVDB", + "url": "http://osvdb.org/71751" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2048.json b/2011/2xxx/CVE-2011-2048.json index 4a7026f75f0..09785944cea 100644 --- a/2011/2xxx/CVE-2011-2048.json +++ b/2011/2xxx/CVE-2011-2048.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2048", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2048", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2803.json b/2011/2xxx/CVE-2011-2803.json index bd64e6ef595..5b9e42776c8 100644 --- a/2011/2xxx/CVE-2011-2803.json +++ b/2011/2xxx/CVE-2011-2803.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 13.0.782.107 does not properly handle Skia paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=88827", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=88827" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" - }, - { - "name" : "74254", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/74254" - }, - { - "name" : "oval:org.mitre.oval:def:14333", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14333" - }, - { - "name" : "google-chrome-skia-code-exec(68965)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 13.0.782.107 does not properly handle Skia paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" + }, + { + "name": "google-chrome-skia-code-exec(68965)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68965" + }, + { + "name": "74254", + "refsource": "OSVDB", + "url": "http://osvdb.org/74254" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=88827", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=88827" + }, + { + "name": "oval:org.mitre.oval:def:14333", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14333" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3372.json b/2011/3xxx/CVE-2011-3372.json index 85ab084dde4..fe88749bd37 100644 --- a/2011/3xxx/CVE-2011-3372.json +++ b/2011/3xxx/CVE-2011-3372.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2011-68", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2011-68" - }, - { - "name" : "http://cyrusimap.org/mediawiki/index.php/Latest_Updates", - "refsource" : "CONFIRM", - "url" : "http://cyrusimap.org/mediawiki/index.php/Latest_Updates" - }, - { - "name" : "http://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594", - "refsource" : "CONFIRM", - "url" : "http://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=740822", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=740822" - }, - { - "name" : "DSA-2318", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2318" - }, - { - "name" : "MDVSA-2011:149", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:149" - }, - { - "name" : "RHSA-2011:1508", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1508.html" - }, - { - "name" : "1026363", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1026363" - }, - { - "name" : "46093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cyrusimap.org/mediawiki/index.php/Latest_Updates", + "refsource": "CONFIRM", + "url": "http://cyrusimap.org/mediawiki/index.php/Latest_Updates" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=740822", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=740822" + }, + { + "name": "RHSA-2011:1508", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1508.html" + }, + { + "name": "MDVSA-2011:149", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:149" + }, + { + "name": "46093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46093" + }, + { + "name": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594", + "refsource": "CONFIRM", + "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594" + }, + { + "name": "1026363", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1026363" + }, + { + "name": "http://secunia.com/secunia_research/2011-68", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2011-68" + }, + { + "name": "DSA-2318", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2318" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3793.json b/2011/3xxx/CVE-2011-3793.json index 4b19324acbd..0f8eb718224 100644 --- a/2011/3xxx/CVE-2011-3793.json +++ b/2011/3xxx/CVE-2011-3793.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pixie 1.04 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/modules/static.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/pixie_v1.04", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/pixie_v1.04" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pixie 1.04 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/modules/static.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/pixie_v1.04", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/pixie_v1.04" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3979.json b/2011/3xxx/CVE-2011-3979.json index 9b7d79ef501..f10dd4afe96 100644 --- a/2011/3xxx/CVE-2011-3979.json +++ b/2011/3xxx/CVE-2011-3979.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110907 XSS in Zikula", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/519565/100/0/threaded" - }, - { - "name" : "https://www.htbridge.ch/advisory/xss_in_zikula.html", - "refsource" : "MISC", - "url" : "https://www.htbridge.ch/advisory/xss_in_zikula.html" - }, - { - "name" : "http://community.zikula.org/index.php?module=News&func=display&sid=3075", - "refsource" : "CONFIRM", - "url" : "http://community.zikula.org/index.php?module=News&func=display&sid=3075" - }, - { - "name" : "49491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49491" - }, - { - "name" : "75226", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75226" - }, - { - "name" : "45884", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45884" - }, - { - "name" : "8409", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8409" - }, - { - "name" : "zikulaapplication-index-xss(69644)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://community.zikula.org/index.php?module=News&func=display&sid=3075", + "refsource": "CONFIRM", + "url": "http://community.zikula.org/index.php?module=News&func=display&sid=3075" + }, + { + "name": "https://www.htbridge.ch/advisory/xss_in_zikula.html", + "refsource": "MISC", + "url": "https://www.htbridge.ch/advisory/xss_in_zikula.html" + }, + { + "name": "20110907 XSS in Zikula", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/519565/100/0/threaded" + }, + { + "name": "8409", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8409" + }, + { + "name": "zikulaapplication-index-xss(69644)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69644" + }, + { + "name": "45884", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45884" + }, + { + "name": "49491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49491" + }, + { + "name": "75226", + "refsource": "OSVDB", + "url": "http://osvdb.org/75226" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4289.json b/2011/4xxx/CVE-2011-4289.json index 564739189bc..31db9fb79db 100644 --- a/2011/4xxx/CVE-2011-4289.json +++ b/2011/4xxx/CVE-2011-4289.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/11/14/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=181991e791a13a3c383234718c26c499e31d3df1", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=181991e791a13a3c383234718c26c499e31d3df1" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=175591", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=175591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/11/14/1" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=175591", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=175591" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=181991e791a13a3c383234718c26c499e31d3df1", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=181991e791a13a3c383234718c26c499e31d3df1" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4453.json b/2011/4xxx/CVE-2011-4453.json index 7cf6a2efda9..ee0b8437741 100644 --- a/2011/4xxx/CVE-2011-4453.json +++ b/2011/4xxx/CVE-2011-4453.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18149", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18149/" - }, - { - "name" : "18243", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18243/" - }, - { - "name" : "http://www.pmwiki.org/wiki/PITS/01271", - "refsource" : "CONFIRM", - "url" : "http://www.pmwiki.org/wiki/PITS/01271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18243", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18243/" + }, + { + "name": "18149", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18149/" + }, + { + "name": "http://www.pmwiki.org/wiki/PITS/01271", + "refsource": "CONFIRM", + "url": "http://www.pmwiki.org/wiki/PITS/01271" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4576.json b/2011/4xxx/CVE-2011-4576.json index beb991d578b..d58ce456d56 100644 --- a/2011/4xxx/CVE-2011-4576.json +++ b/2011/4xxx/CVE-2011-4576.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openssl.org/news/secadv_20120104.txt", - "refsource" : "CONFIRM", - "url" : "http://www.openssl.org/news/secadv_20120104.txt" - }, - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" - }, - { - "name" : "http://support.apple.com/kb/HT5784", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5784" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" - }, - { - "name" : "APPLE-SA-2013-06-04-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" - }, - { - "name" : "DSA-2390", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2390" - }, - { - "name" : "FEDORA-2012-18035", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" - }, - { - "name" : "HPSBMU02786", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" - }, - { - "name" : "SSRT100877", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" - }, - { - "name" : "HPSBOV02793", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134039053214295&w=2" - }, - { - "name" : "SSRT100891", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134039053214295&w=2" - }, - { - "name" : "HPSBUX02734", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750648501816&w=2" - }, - { - "name" : "SSRT100729", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750648501816&w=2" - }, - { - "name" : "HPSBMU02776", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133951357207000&w=2" - }, - { - "name" : "SSRT100852", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133951357207000&w=2" - }, - { - "name" : "MDVSA-2012:006", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" - }, - { - "name" : "MDVSA-2012:007", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" - }, - { - "name" : "RHSA-2012:1306", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1306.html" - }, - { - "name" : "RHSA-2012:1307", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1307.html" - }, - { - "name" : "RHSA-2012:1308", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1308.html" - }, - { - "name" : "SUSE-SU-2012:0084", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" - }, - { - "name" : "openSUSE-SU-2012:0083", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" - }, - { - "name" : "VU#737740", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/737740" - }, - { - "name" : "48528", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48528" - }, - { - "name" : "55069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55069" - }, - { - "name" : "57353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48528", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48528" + }, + { + "name": "HPSBMU02786", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" + }, + { + "name": "openSUSE-SU-2012:0083", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" + }, + { + "name": "MDVSA-2012:006", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006" + }, + { + "name": "FEDORA-2012-18035", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" + }, + { + "name": "http://www.openssl.org/news/secadv_20120104.txt", + "refsource": "CONFIRM", + "url": "http://www.openssl.org/news/secadv_20120104.txt" + }, + { + "name": "SUSE-SU-2012:0084", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" + }, + { + "name": "RHSA-2012:1308", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html" + }, + { + "name": "RHSA-2012:1307", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html" + }, + { + "name": "http://support.apple.com/kb/HT5784", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5784" + }, + { + "name": "APPLE-SA-2013-06-04-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" + }, + { + "name": "VU#737740", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/737740" + }, + { + "name": "HPSBUX02734", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750648501816&w=2" + }, + { + "name": "MDVSA-2012:007", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" + }, + { + "name": "RHSA-2012:1306", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html" + }, + { + "name": "HPSBOV02793", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134039053214295&w=2" + }, + { + "name": "57353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57353" + }, + { + "name": "SSRT100891", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134039053214295&w=2" + }, + { + "name": "SSRT100852", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133951357207000&w=2" + }, + { + "name": "SSRT100729", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750648501816&w=2" + }, + { + "name": "SSRT100877", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" + }, + { + "name": "DSA-2390", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2390" + }, + { + "name": "55069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55069" + }, + { + "name": "HPSBMU02776", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133951357207000&w=2" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4626.json b/2011/4xxx/CVE-2011-4626.json index 6b84817e75e..4eff6d3fd53 100644 --- a/2011/4xxx/CVE-2011-4626.json +++ b/2011/4xxx/CVE-2011-4626.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4626", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4626", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4725.json b/2011/4xxx/CVE-2011-4725.json index 02fd805cbca..3ee20aa7248 100644 --- a/2011/4xxx/CVE-2011-4725.json +++ b/2011/4xxx/CVE-2011-4725.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html" - }, - { - "name" : "plesk-server-sql-injection(72334)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html" + }, + { + "name": "plesk-server-sql-injection(72334)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72334" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4746.json b/2011/4xxx/CVE-2011-4746.json index 883d0d166a7..9ed773d127c 100644 --- a/2011/4xxx/CVE-2011-4746.json +++ b/2011/4xxx/CVE-2011-4746.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not disable the SSL 2.0 protocol, which makes it easier for remote attackers to conduct spoofing attacks by leveraging protocol weaknesses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not disable the SSL 2.0 protocol, which makes it easier for remote attackers to conduct spoofing attacks by leveraging protocol weaknesses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1894.json b/2013/1xxx/CVE-2013-1894.json index 5486b3b402a..f0176097a5b 100644 --- a/2013/1xxx/CVE-2013-1894.json +++ b/2013/1xxx/CVE-2013-1894.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1894", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2561. Reason: This candidate is a duplicate of CVE-2013-2561. Notes: All CVE users should reference CVE-2013-2561 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-1894", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2561. Reason: This candidate is a duplicate of CVE-2013-2561. Notes: All CVE users should reference CVE-2013-2561 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5205.json b/2013/5xxx/CVE-2013-5205.json index 643bca39c86..8ceea227f7e 100644 --- a/2013/5xxx/CVE-2013-5205.json +++ b/2013/5xxx/CVE-2013-5205.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5205", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5205", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5444.json b/2013/5xxx/CVE-2013-5444.json index c79404d316d..521b4ff1c40 100644 --- a/2013/5xxx/CVE-2013-5444.json +++ b/2013/5xxx/CVE-2013-5444.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to read encrypted credentials via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21667626", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21667626" - }, - { - "name" : "ibm-cognos-cve20135444-weak-security(87820)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to read encrypted credentials via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21667626", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667626" + }, + { + "name": "ibm-cognos-cve20135444-weak-security(87820)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87820" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5780.json b/2013/5xxx/CVE-2013-5780.json index 898bd2b10ff..c3ecd93201a 100644 --- a/2013/5xxx/CVE-2013-5780.json +++ b/2013/5xxx/CVE-2013-5780.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "http://support.apple.com/kb/HT5982", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5982" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1018785", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1018785" - }, - { - "name" : "APPLE-SA-2013-10-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02943", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674031212883&w=2" - }, - { - "name" : "HPSBUX02944", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674073720143&w=2" - }, - { - "name" : "RHSA-2013:1440", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1440.html" - }, - { - "name" : "RHSA-2013:1447", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1447.html" - }, - { - "name" : "RHSA-2013:1451", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1451.html" - }, - { - "name" : "RHSA-2013:1505", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1505.html" - }, - { - "name" : "RHSA-2013:1507", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1507.html" - }, - { - "name" : "RHSA-2013:1508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1508.html" - }, - { - "name" : "RHSA-2013:1509", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1509.html" - }, - { - "name" : "RHSA-2013:1793", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1793.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1666", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" - }, - { - "name" : "SUSE-SU-2013:1677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2013:1663", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" - }, - { - "name" : "USN-2033-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2033-1" - }, - { - "name" : "USN-2089-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2089-1" - }, - { - "name" : "63115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63115" - }, - { - "name" : "oval:org.mitre.oval:def:19101", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "RHSA-2013:1447", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html" + }, + { + "name": "RHSA-2013:1440", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1018785", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1018785" + }, + { + "name": "USN-2033-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2033-1" + }, + { + "name": "USN-2089-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2089-1" + }, + { + "name": "RHSA-2013:1508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html" + }, + { + "name": "SUSE-SU-2013:1677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" + }, + { + "name": "HPSBUX02944", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2" + }, + { + "name": "RHSA-2013:1505", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1505.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" + }, + { + "name": "HPSBUX02943", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674031212883&w=2" + }, + { + "name": "oval:org.mitre.oval:def:19101", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19101" + }, + { + "name": "openSUSE-SU-2013:1663", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html" + }, + { + "name": "SUSE-SU-2013:1666", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html" + }, + { + "name": "RHSA-2013:1793", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html" + }, + { + "name": "RHSA-2013:1509", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1509.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + }, + { + "name": "APPLE-SA-2013-10-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" + }, + { + "name": "63115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63115" + }, + { + "name": "RHSA-2013:1507", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html" + }, + { + "name": "http://support.apple.com/kb/HT5982", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5982" + }, + { + "name": "RHSA-2013:1451", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5902.json b/2013/5xxx/CVE-2013-5902.json index 7ac6a461f0d..1b9d21f15ff 100644 --- a/2013/5xxx/CVE-2013-5902.json +++ b/2013/5xxx/CVE-2013-5902.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" - }, - { - "name" : "HPSBUX02972", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "HPSBUX02973", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "SSRT101454", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "SSRT101455", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "RHSA-2014:0030", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64923" - }, - { - "name" : "102011", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102011" - }, - { - "name" : "1029608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029608" - }, - { - "name" : "56485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56485" - }, - { - "name" : "56535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56535" - }, - { - "name" : "oracle-cpujan2014-cve20135902(90343)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "SSRT101455", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "56535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56535" + }, + { + "name": "RHSA-2014:0030", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html" + }, + { + "name": "56485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56485" + }, + { + "name": "SSRT101454", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" + }, + { + "name": "HPSBUX02972", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "64923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64923" + }, + { + "name": "HPSBUX02973", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "1029608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029608" + }, + { + "name": "oracle-cpujan2014-cve20135902(90343)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90343" + }, + { + "name": "102011", + "refsource": "OSVDB", + "url": "http://osvdb.org/102011" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2017.json b/2014/2xxx/CVE-2014-2017.json index e83f0d4b3a9..0316e93ae0f 100644 --- a/2014/2xxx/CVE-2014-2017.json +++ b/2014/2xxx/CVE-2014-2017.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.oxid-esales.com/view.php?id=5635", - "refsource" : "CONFIRM", - "url" : "https://bugs.oxid-esales.com/view.php?id=5635" - }, - { - "name" : "https://oxidforge.org/en/security-bulletin-2014-002.html", - "refsource" : "CONFIRM", - "url" : "https://oxidforge.org/en/security-bulletin-2014-002.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.oxid-esales.com/view.php?id=5635", + "refsource": "CONFIRM", + "url": "https://bugs.oxid-esales.com/view.php?id=5635" + }, + { + "name": "https://oxidforge.org/en/security-bulletin-2014-002.html", + "refsource": "CONFIRM", + "url": "https://oxidforge.org/en/security-bulletin-2014-002.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2020.json b/2014/2xxx/CVE-2014-2020.json index d32763877fe..99e269685ca 100644 --- a/2014/2xxx/CVE-2014-2020.json +++ b/2014/2xxx/CVE-2014-2020.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.php.net/bug.php?id=66356", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=66356" - }, - { - "name" : "https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01", - "refsource" : "CONFIRM", - "url" : "https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01" - }, - { - "name" : "USN-2126-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2126-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01", + "refsource": "CONFIRM", + "url": "https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01" + }, + { + "name": "USN-2126-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2126-1" + }, + { + "name": "https://bugs.php.net/bug.php?id=66356", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=66356" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2746.json b/2014/2xxx/CVE-2014-2746.json index 0abc487a948..9a7f319656d 100644 --- a/2014/2xxx/CVE-2014-2746.json +++ b/2014/2xxx/CVE-2014-2746.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an \"xmppbomb\" attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-2746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/04/07/7" - }, - { - "name" : "[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/04/09/1" - }, - { - "name" : "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/", - "refsource" : "MISC", - "url" : "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" - }, - { - "name" : "http://www.tigase.org/content/uncontrolled-resource-consumption-highly-compressed-xmpp-messages", - "refsource" : "CONFIRM", - "url" : "http://www.tigase.org/content/uncontrolled-resource-consumption-highly-compressed-xmpp-messages" - }, - { - "name" : "https://projects.tigase.org/issues/1780", - "refsource" : "CONFIRM", - "url" : "https://projects.tigase.org/issues/1780" - }, - { - "name" : "https://projects.tigase.org/projects/tigase-server/repository/revisions/7f5af2f8c5b97bbf9def66fbb9dd47746a7ac292", - "refsource" : "CONFIRM", - "url" : "https://projects.tigase.org/projects/tigase-server/repository/revisions/7f5af2f8c5b97bbf9def66fbb9dd47746a7ac292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an \"xmppbomb\" attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/", + "refsource": "MISC", + "url": "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" + }, + { + "name": "http://www.tigase.org/content/uncontrolled-resource-consumption-highly-compressed-xmpp-messages", + "refsource": "CONFIRM", + "url": "http://www.tigase.org/content/uncontrolled-resource-consumption-highly-compressed-xmpp-messages" + }, + { + "name": "https://projects.tigase.org/issues/1780", + "refsource": "CONFIRM", + "url": "https://projects.tigase.org/issues/1780" + }, + { + "name": "[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/04/09/1" + }, + { + "name": "https://projects.tigase.org/projects/tigase-server/repository/revisions/7f5af2f8c5b97bbf9def66fbb9dd47746a7ac292", + "refsource": "CONFIRM", + "url": "https://projects.tigase.org/projects/tigase-server/repository/revisions/7f5af2f8c5b97bbf9def66fbb9dd47746a7ac292" + }, + { + "name": "[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/04/07/7" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2771.json b/2014/2xxx/CVE-2014-2771.json index 40c483991d6..3b549ac3236 100644 --- a/2014/2xxx/CVE-2014-2771.json +++ b/2014/2xxx/CVE-2014-2771.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, and CVE-2014-2769." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" - }, - { - "name" : "67856", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67856" - }, - { - "name" : "1030370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, and CVE-2014-2769." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030370" + }, + { + "name": "MS14-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" + }, + { + "name": "67856", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67856" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2825.json b/2014/2xxx/CVE-2014-2825.json index 16c60a61833..2fa7b2d86d1 100644 --- a/2014/2xxx/CVE-2014-2825.json +++ b/2014/2xxx/CVE-2014-2825.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-4050, CVE-2014-4055, and CVE-2014-4067." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" - }, - { - "name" : "69121", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69121" - }, - { - "name" : "1030715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030715" - }, - { - "name" : "60670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60670" - }, - { - "name" : "ms-ie-cve20142825-code-exec(94982)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-4050, CVE-2014-4055, and CVE-2014-4067." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ms-ie-cve20142825-code-exec(94982)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94982" + }, + { + "name": "1030715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030715" + }, + { + "name": "MS14-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" + }, + { + "name": "69121", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69121" + }, + { + "name": "60670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60670" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6059.json b/2014/6xxx/CVE-2014-6059.json index b19f77a19c2..cbff28fca50 100644 --- a/2014/6xxx/CVE-2014-6059.json +++ b/2014/6xxx/CVE-2014-6059.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6059", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6059", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6178.json b/2014/6xxx/CVE-2014-6178.json index 919ad93c92f..6e1b8176a38 100644 --- a/2014/6xxx/CVE-2014-6178.json +++ b/2014/6xxx/CVE-2014-6178.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21693384", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21693384" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21693387", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21693387" - }, - { - "name" : "IV51765", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV51765" - }, - { - "name" : "ibm-wsrr-cve20146178-xss(98514)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV51765", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV51765" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21693384", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21693384" + }, + { + "name": "ibm-wsrr-cve20146178-xss(98514)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98514" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21693387", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21693387" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6543.json b/2014/6xxx/CVE-2014-6543.json index 4ad25439bc0..dd849187db8 100644 --- a/2014/6xxx/CVE-2014-6543.json +++ b/2014/6xxx/CVE-2014-6543.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to ITEM (Item & BOM)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70545" - }, - { - "name" : "1031043", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031043" - }, - { - "name" : "61724", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to ITEM (Item & BOM)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031043", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031043" + }, + { + "name": "70545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70545" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "61724", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61724" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6789.json b/2014/6xxx/CVE-2014-6789.json index c5846b1f88d..d6b0e7d77c5 100644 --- a/2014/6xxx/CVE-2014-6789.json +++ b/2014/6xxx/CVE-2014-6789.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Anaheim Library 2Go! (aka com.bredir.boopsie.anaheim) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#756033", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/756033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Anaheim Library 2Go! (aka com.bredir.boopsie.anaheim) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#756033", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/756033" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6878.json b/2014/6xxx/CVE-2014-6878.json index e56403b1ba6..e29e043198c 100644 --- a/2014/6xxx/CVE-2014-6878.json +++ b/2014/6xxx/CVE-2014-6878.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RBFCU Mobile (aka com.Vertifi.DeposZip.P314089681) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#740721", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/740721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RBFCU Mobile (aka com.Vertifi.DeposZip.P314089681) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#740721", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/740721" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6903.json b/2014/6xxx/CVE-2014-6903.json index af5dc1be58d..bb8c5b8ac3d 100644 --- a/2014/6xxx/CVE-2014-6903.json +++ b/2014/6xxx/CVE-2014-6903.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Gulf Power Mobile Bill Pay (aka com.tionetworks.gulf) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#215273", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/215273" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gulf Power Mobile Bill Pay (aka com.tionetworks.gulf) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#215273", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/215273" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7991.json b/2014/7xxx/CVE-2014-7991.json index 696eb5a004a..507983fece9 100644 --- a/2014/7xxx/CVE-2014-7991.json +++ b/2014/7xxx/CVE-2014-7991.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-7991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36381", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36381" - }, - { - "name" : "20141110 Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991" - }, - { - "name" : "71013", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71013" - }, - { - "name" : "1031181", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031181" - }, - { - "name" : "62267", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62267" - }, - { - "name" : "cisco-ucm-cve20147991-spoofing(98574)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031181", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031181" + }, + { + "name": "cisco-ucm-cve20147991-spoofing(98574)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98574" + }, + { + "name": "62267", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62267" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36381", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36381" + }, + { + "name": "71013", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71013" + }, + { + "name": "20141110 Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0228.json b/2017/0xxx/CVE-2017-0228.json index 85ff3bab43d..e4a746a90cb 100644 --- a/2017/0xxx/CVE-2017-0228.json +++ b/2017/0xxx/CVE-2017-0228.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft browsers", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 8.1 for 32-bit systems, Windows 8.1 for x64-based systems, Windows RT 8.1, Windows Server 2012 R2, Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1511 for 32-bit Systems, Windows 10 Version 1511 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, Windows 10 Version 1703 for x64-based Systems, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft browsers", + "version": { + "version_data": [ + { + "version_value": "Windows 8.1 for 32-bit systems, Windows 8.1 for x64-based systems, Windows RT 8.1, Windows Server 2012 R2, Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1511 for 32-bit Systems, Windows 10 Version 1511 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, Windows 10 Version 1703 for x64-based Systems, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0228", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0228" - }, - { - "name" : "98164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98164" - }, - { - "name" : "1038425", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038425" - }, - { - "name" : "1038426", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98164" + }, + { + "name": "1038425", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038425" + }, + { + "name": "1038426", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038426" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0228", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0228" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0243.json b/2017/0xxx/CVE-2017-0243.json index 4af9353b658..7095bcf4025 100644 --- a/2017/0xxx/CVE-2017-0243.json +++ b/2017/0xxx/CVE-2017-0243.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-0243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office 2007 SP2 and SP3, Microsoft Office 2010 SP2, Microsoft Office Web Apps 2010 SP2, and Microsoft Business Productivity Servers 2010 SP2.", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Office" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8570." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-0243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office 2007 SP2 and SP3, Microsoft Office 2010 SP2, Microsoft Office Web Apps 2010 SP2, and Microsoft Business Productivity Servers 2010 SP2.", + "version": { + "version_data": [ + { + "version_value": "Microsoft Office" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0243", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0243" - }, - { - "name" : "99446", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99446" - }, - { - "name" : "1038851", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8570." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038851", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038851" + }, + { + "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0243", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0243" + }, + { + "name": "99446", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99446" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0305.json b/2017/0xxx/CVE-2017-0305.json index 9acb51e0de9..3fa5796df7e 100644 --- a/2017/0xxx/CVE-2017-0305.json +++ b/2017/0xxx/CVE-2017-0305.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "ID" : "CVE-2017-0305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SSL Intercept iApp version", - "version" : { - "version_data" : [ - { - "version_value" : "1.5.0 - 1.5.7" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote command execution" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "ID": "CVE-2017-0305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SSL Intercept iApp version", + "version": { + "version_data": [ + { + "version_value": "1.5.0 - 1.5.7" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K53244431", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K53244431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote command execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K53244431", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K53244431" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0416.json b/2017/0xxx/CVE-2017-0416.json index be417ab3910..b4ec4084e3e 100644 --- a/2017/0xxx/CVE-2017-0416.json +++ b/2017/0xxx/CVE-2017-0416.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4" - }, - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32886609." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4" + }, + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96055" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32886609." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "96055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96055" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0907.json b/2017/0xxx/CVE-2017-0907.json index d53b6eb93cc..d94c073e0ff 100644 --- a/2017/0xxx/CVE-2017-0907.json +++ b/2017/0xxx/CVE-2017-0907.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-0907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "recurly-api-client .NET library", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Recurly" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of \"Uri.EscapeUriString\" that could result in compromise of API keys or other critical resources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Server-Side Request Forgery (SSRF) (CWE-918)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-0907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "recurly-api-client .NET library", + "version": { + "version_data": [ + { + "version_value": "Versions before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1" + } + ] + } + } + ] + }, + "vendor_name": "Recurly" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/288635", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/288635" - }, - { - "name" : "https://dev.recurly.com/page/net-updates", - "refsource" : "CONFIRM", - "url" : "https://dev.recurly.com/page/net-updates" - }, - { - "name" : "https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1", - "refsource" : "CONFIRM", - "url" : "https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of \"Uri.EscapeUriString\" that could result in compromise of API keys or other critical resources." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-Side Request Forgery (SSRF) (CWE-918)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/288635", + "refsource": "MISC", + "url": "https://hackerone.com/reports/288635" + }, + { + "name": "https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1", + "refsource": "CONFIRM", + "url": "https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1" + }, + { + "name": "https://dev.recurly.com/page/net-updates", + "refsource": "CONFIRM", + "url": "https://dev.recurly.com/page/net-updates" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000024.json b/2017/1000xxx/CVE-2017-1000024.json index 010301a2c33..a6d2e983614 100644 --- a/2017/1000xxx/CVE-2017-1000024.json +++ b/2017/1000xxx/CVE-2017-1000024.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.274364", - "ID" : "CVE-2017-1000024", - "REQUESTER" : "mail@jensge.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Shotwell", - "version" : { - "version_data" : [ - { - "version_value" : "0.24.4 and older or 0.25.3 and older" - } - ] - } - } - ] - }, - "vendor_name" : "Shotwell" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-319, Cleartext Transmission of Sensitive Information" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.274364", + "ID": "CVE-2017-1000024", + "REQUESTER": "mail@jensge.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[shotwell] 20170131 ATTENTION! Shotwell 0.24.5 and 0.25.4 released", - "refsource" : "MLIST", - "url" : "https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[shotwell] 20170131 ATTENTION! Shotwell 0.24.5 and 0.25.4 released", + "refsource": "MLIST", + "url": "https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000430.json b/2017/1000xxx/CVE-2017-1000430.json index 184495cbaf6..f4b713d770e 100644 --- a/2017/1000xxx/CVE-2017-1000430.json +++ b/2017/1000xxx/CVE-2017-1000430.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000430", - "REQUESTER" : "coreyf@rwell.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "rust-base64", - "version" : { - "version_data" : [ - { - "version_value" : "< 0.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "rust-base64" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encode_config_buf' and 'encode_config' functions" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000430", + "REQUESTER": "coreyf@rwell.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/RustSec/advisory-db/blob/master/crates/base64/RUSTSEC-2017-0004.toml", - "refsource" : "MISC", - "url" : "https://github.com/RustSec/advisory-db/blob/master/crates/base64/RUSTSEC-2017-0004.toml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encode_config_buf' and 'encode_config' functions" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/RustSec/advisory-db/blob/master/crates/base64/RUSTSEC-2017-0004.toml", + "refsource": "MISC", + "url": "https://github.com/RustSec/advisory-db/blob/master/crates/base64/RUSTSEC-2017-0004.toml" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18296.json b/2017/18xxx/CVE-2017-18296.json index 560c441b6d5..e886effdb3b 100644 --- a/2017/18xxx/CVE-2017-18296.json +++ b/2017/18xxx/CVE-2017-18296.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control in Safeswitch" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" - }, - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "1041432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control in Safeswitch" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "1041432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041432" + }, + { + "name": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1529.json b/2017/1xxx/CVE-2017-1529.json index 7e0d3e8a38b..535c2465f8f 100644 --- a/2017/1xxx/CVE-2017-1529.json +++ b/2017/1xxx/CVE-2017-1529.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1529", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1529", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1796.json b/2017/1xxx/CVE-2017-1796.json index 0e686280b9a..c0df1613ad6 100644 --- a/2017/1xxx/CVE-2017-1796.json +++ b/2017/1xxx/CVE-2017-1796.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1796", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1796", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1927.json b/2017/1xxx/CVE-2017-1927.json index 9e5d91f6574..6fbb4737f3f 100644 --- a/2017/1xxx/CVE-2017-1927.json +++ b/2017/1xxx/CVE-2017-1927.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1927", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1927", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1998.json b/2017/1xxx/CVE-2017-1998.json index 43ce87f7a64..b3acf06011c 100644 --- a/2017/1xxx/CVE-2017-1998.json +++ b/2017/1xxx/CVE-2017-1998.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1998", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1998", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4011.json b/2017/4xxx/CVE-2017-4011.json index c0ef475b594..fe2eeced95f 100644 --- a/2017/4xxx/CVE-2017-4011.json +++ b/2017/4xxx/CVE-2017-4011.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "PSIRT@McAfee.com", - "ID" : "CVE-2017-4011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Network Data Loss Prevention (NDLP)", - "version" : { - "version_data" : [ - { - "version_value" : "9.3.x" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Embedding Script (XSS) in HTTP Headers vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2017-4011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Network Data Loss Prevention (NDLP)", + "version": { + "version_data": [ + { + "version_value": "9.3.x" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10198", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10198" - }, - { - "name" : "1038523", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Embedding Script (XSS) in HTTP Headers vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10198", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10198" + }, + { + "name": "1038523", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038523" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4048.json b/2017/4xxx/CVE-2017-4048.json index 8d312178caa..e62959c4ba7 100644 --- a/2017/4xxx/CVE-2017-4048.json +++ b/2017/4xxx/CVE-2017-4048.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4048", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4048", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4238.json b/2017/4xxx/CVE-2017-4238.json index 2303151b17d..15cf6ce0e7d 100644 --- a/2017/4xxx/CVE-2017-4238.json +++ b/2017/4xxx/CVE-2017-4238.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4238", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4238", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4666.json b/2017/4xxx/CVE-2017-4666.json index 14bef56be51..483f448db20 100644 --- a/2017/4xxx/CVE-2017-4666.json +++ b/2017/4xxx/CVE-2017-4666.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4666", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4666", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5921.json b/2017/5xxx/CVE-2017-5921.json index 651bf6f8354..c92fb7b3c8a 100644 --- a/2017/5xxx/CVE-2017-5921.json +++ b/2017/5xxx/CVE-2017-5921.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5921", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5921", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file