diff --git a/2006/3xxx/CVE-2006-3168.json b/2006/3xxx/CVE-2006-3168.json index faf48151f15..26c378b48e9 100644 --- a/2006/3xxx/CVE-2006-3168.json +++ b/2006/3xxx/CVE-2006-3168.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060611 CS-Forum <= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436789/100/0/threaded" - }, - { - "name" : "http://www.acid-root.new.fr/advisories/csforum081.txt", - "refsource" : "MISC", - "url" : "http://www.acid-root.new.fr/advisories/csforum081.txt" - }, - { - "name" : "http://www.comscripts.com/scripts/php.cs-forum.643.html", - "refsource" : "CONFIRM", - "url" : "http://www.comscripts.com/scripts/php.cs-forum.643.html" - }, - { - "name" : "ADV-2006-2314", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2314" - }, - { - "name" : "26382", - "refsource" : 
"OSVDB", - "url" : "http://www.osvdb.org/26382" - }, - { - "name" : "26383", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26383" - }, - { - "name" : "20534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20534" - }, - { - "name" : "1124", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1124" - }, - { - "name" : "csforum-read-index-sql-injection(27176)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.comscripts.com/scripts/php.cs-forum.643.html", + "refsource": "CONFIRM", + "url": "http://www.comscripts.com/scripts/php.cs-forum.643.html" + }, + { + "name": "20534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20534" + }, + { + "name": "ADV-2006-2314", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2314" + }, + { + "name": "csforum-read-index-sql-injection(27176)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27176" + }, + { + "name": "20060611 CS-Forum <= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded" + }, + { + "name": "http://www.acid-root.new.fr/advisories/csforum081.txt", + "refsource": "MISC", + "url": 
"http://www.acid-root.new.fr/advisories/csforum081.txt" + }, + { + "name": "1124", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1124" + }, + { + "name": "26383", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26383" + }, + { + "name": "26382", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26382" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3292.json b/2006/3xxx/CVE-2006-3292.json index 0394abccfd8..6730d7c2ea7 100644 --- a/2006/3xxx/CVE-2006-3292.json +++ b/2006/3xxx/CVE-2006-3292.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the \"LIKE\" keyword in the searchdata parameter (search field)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060626 Jaws <= 0.6.2 'Search gadget' SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438434/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/JAWS_062_sql.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/JAWS_062_sql.html" - }, - { - "name" : "http://www.jaws-project.com/index.php?blog/show/29", - "refsource" : "CONFIRM", - "url" : "http://www.jaws-project.com/index.php?blog/show/29" - }, - { - "name" : "18665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18665" - }, - { - "name" : "ADV-2006-2546", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2546" - }, - { - "name" : 
"20842", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20842" - }, - { - "name" : "1165", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1165" - }, - { - "name" : "jaws-search-gadget-sql-injection(27334)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the \"LIKE\" keyword in the searchdata parameter (search field)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://retrogod.altervista.org/JAWS_062_sql.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/JAWS_062_sql.html" + }, + { + "name": "20842", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20842" + }, + { + "name": "jaws-search-gadget-sql-injection(27334)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27334" + }, + { + "name": "http://www.jaws-project.com/index.php?blog/show/29", + "refsource": "CONFIRM", + "url": "http://www.jaws-project.com/index.php?blog/show/29" + }, + { + "name": "1165", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1165" + }, + { + "name": "20060626 Jaws <= 0.6.2 'Search gadget' SQL injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438434/100/0/threaded" + }, + { + "name": "ADV-2006-2546", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2546" + }, + { + "name": "18665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18665" + } + ] + } +} \ No 
newline at end of file diff --git a/2006/3xxx/CVE-2006-3834.json b/2006/3xxx/CVE-2006-3834.json index bb54cc6f599..4f62eed2d25 100644 --- a/2006/3xxx/CVE-2006-3834.json +++ b/2006/3xxx/CVE-2006-3834.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to index.php, which allows context-dependent attackers to obtain entry passwords via log files, referrers, or other vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060712 TOPo v.2.2.178 Account Reset", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439890/100/100/threaded" - }, - { - "name" : "1279", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to index.php, which allows context-dependent attackers to obtain entry passwords via log files, referrers, or other vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1279", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1279" + }, + { + "name": "20060712 TOPo v.2.2.178 Account Reset", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439890/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4573.json b/2006/4xxx/CVE-2006-4573.json index 9dcf0963f02..6650800e981 100644 --- a/2006/4xxx/CVE-2006-4573.json +++ b/2006/4xxx/CVE-2006-4573.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the \"utf8 combining characters handling\" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-4573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[screen-users] 20061023 Secfix release for screen: screen-4.0.3", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-734", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-734" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305530", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305530" - }, - { - "name" : "APPLE-SA-2007-05-24", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html" - }, - { - "name" : "DSA-1202", 
- "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1202" - }, - { - "name" : "GLSA-200611-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200611-01.xml" - }, - { - "name" : "MDKSA-2006:191", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:191" - }, - { - "name" : "OpenPKG-SA-2006.026", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.026-screen.html" - }, - { - "name" : "SSA:2006-307-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.480775" - }, - { - "name" : "USN-370-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-370-1" - }, - { - "name" : "20727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20727" - }, - { - "name" : "ADV-2006-4189", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4189" - }, - { - "name" : "ADV-2007-1939", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1939" - }, - { - "name" : "22583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22583" - }, - { - "name" : "22573", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22573" - }, - { - "name" : "22611", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22611" - }, - { - "name" : "22647", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22647" - }, - { - "name" : "22649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22649" - }, - { - "name" : "22707", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22707" - }, - { - "name" : "22726", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22726" - }, - { - "name" : "25402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25402" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the \"utf8 combining characters handling\" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.info.apple.com/article.html?artnum=305530", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305530" + }, + { + "name": "ADV-2007-1939", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1939" + }, + { + "name": "SSA:2006-307-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.480775" + }, + { + "name": "MDKSA-2006:191", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:191" + }, + { + "name": "ADV-2006-4189", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4189" + }, + { + "name": "DSA-1202", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1202" + }, + { + "name": "APPLE-SA-2007-05-24", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html" + }, + { + "name": "USN-370-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-370-1" + }, + { + "name": "25402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25402" + }, + { + "name": "22611", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22611" + }, + { + "name": "22573", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22573" + }, + { + "name": "22707", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22707" + }, + { + "name": "[screen-users] 20061023 Secfix release for screen: screen-4.0.3", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html" + }, + { + "name": "20727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20727" + }, + { + "name": "https://issues.rpath.com/browse/RPL-734", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-734" + }, + { + "name": "GLSA-200611-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200611-01.xml" + }, + { + "name": "OpenPKG-SA-2006.026", + "refsource": "OPENPKG", + "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.026-screen.html" + }, + { + "name": "22583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22583" + }, + { + "name": "22726", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22726" + }, + { + "name": "22647", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22647" + }, + { + "name": "22649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22649" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4893.json b/2006/4xxx/CVE-2006-4893.json index fcb7c3bd7fb..33bbb118194 100644 --- a/2006/4xxx/CVE-2006-4893.json +++ b/2006/4xxx/CVE-2006-4893.json 
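Review bot: The `CVE_data_meta` block for CVE-2006-4573 changes `"ASSIGNER"` from `cve@mitre.org` to `secalert@redhat.com`. It is the only value change visible among these hunks, which otherwise alter only colon spacing, indentation, key order and the order of `reference_data` entries. Consumers that attribute a record to a CNA by this field will see the record move, so the change should go in its own commit, or the commit message should at least state that it is intentional. The same hunk also reorders every reference entry, so a reader cannot confirm by eye that none was dropped or altered. Comparing the parsed old and new JSON with keys and references sorted would confirm that `ASSIGNER` is the only semantic difference.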
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060915 SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446108/100/0/threaded" - }, - { - "name" : "20061123 Re: SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452469/100/200/threaded" - }, - { - "name" : "http://nyubicrew.org/adv/Noge_adv_02.txt", - "refsource" : "MISC", - "url" : "http://nyubicrew.org/adv/Noge_adv_02.txt" - }, - { - "name" : "20046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20046" - }, - { - "name" : "ADV-2006-3654", 
- "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3654" - }, - { - "name" : "28918", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28918" - }, - { - "name" : "21970", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21970" - }, - { - "name" : "1617", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3654", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3654" + }, + { + "name": "http://nyubicrew.org/adv/Noge_adv_02.txt", + "refsource": "MISC", + "url": "http://nyubicrew.org/adv/Noge_adv_02.txt" + }, + { + "name": "21970", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21970" + }, + { + "name": "20060915 SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446108/100/0/threaded" + }, + { + "name": "28918", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28918" + }, + { + "name": "20061123 Re: SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452469/100/200/threaded" + }, + { + "name": "20046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20046" + }, + { + "name": "1617", + "refsource": 
"SREASON", + "url": "http://securityreason.com/securityalert/1617" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6005.json b/2006/6xxx/CVE-2006-6005.json index 3e911f9d1ab..e08ef14fca1 100644 --- a/2006/6xxx/CVE-2006-6005.json +++ b/2006/6xxx/CVE-2006-6005.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6005", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-6005", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6158.json b/2006/6xxx/CVE-2006-6158.json index e87cffd7746..5aaa6d3c0b5 100644 --- a/2006/6xxx/CVE-2006-6158.json +++ b/2006/6xxx/CVE-2006-6158.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061122 XSS in scriptat support InverseFlow Help Desk v2.31", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452397/100/0/threaded" - }, - { - "name" : "20061128 PMOS Help Desk/etc. 
SQL injection - source verify and more info", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-November/001148.html" - }, - { - "name" : "21250", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21250" - }, - { - "name" : "ADV-2006-4670", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4670" - }, - { - "name" : "ADV-2006-4671", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4671" - }, - { - "name" : "ADV-2006-4672", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4672" - }, - { - "name" : "30667", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30667" - }, - { - "name" : "34034", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/34034" - }, - { - "name" : "23052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23052" - }, - { - "name" : "23070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23070" - }, - { - "name" : "23071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23071" - }, - { - "name" : "1928", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1928" - }, - { - "name" : "pmoshelpdesk-ticketview-xss(30489)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23071" + }, + { + "name": "ADV-2006-4672", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4672" + }, + { + "name": "30667", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30667" + }, + { + "name": "ADV-2006-4671", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4671" + }, + { + "name": "21250", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21250" + }, + { + "name": "23070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23070" + }, + { + "name": "20061122 XSS in scriptat support InverseFlow Help Desk v2.31", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452397/100/0/threaded" + }, + { + "name": "ADV-2006-4670", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4670" + }, + { + "name": "34034", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/34034" + }, + { + "name": "pmoshelpdesk-ticketview-xss(30489)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30489" + }, + { + "name": "23052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23052" + }, + { + "name": "20061128 PMOS Help Desk/etc. SQL injection - source verify and more info", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-November/001148.html" + }, + { + "name": "1928", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1928" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6429.json b/2006/6xxx/CVE-2006-6429.json index 68502e4abf1..ac2fac23eb8 100644 --- a/2006/6xxx/CVE-2006-6429.json +++ b/2006/6xxx/CVE-2006-6429.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify certain configuration settings via unspecified vectors involving the \"TFTP/BOOTP auto configuration option.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf" - }, - { - "name" : "21365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21365" - }, - { - "name" : "ADV-2006-4791", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4791" - }, - { - "name" : "23265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23265" - }, - { - "name" : "xerox-tftpbootp-unauth-access(30676)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30676" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify certain configuration settings via unspecified vectors involving the \"TFTP/BOOTP auto configuration option.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_006_v1b.pdf" + }, + { + "name": "23265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23265" + }, + { + "name": "21365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21365" + }, + { + "name": "ADV-2006-4791", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4791" + }, + { + "name": "xerox-tftpbootp-unauth-access(30676)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30676" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6862.json b/2006/6xxx/CVE-2006-6862.json index 1b16cb68044..6abda08de35 100644 --- a/2006/6xxx/CVE-2006-6862.json +++ b/2006/6xxx/CVE-2006-6862.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061229 Spooky Login Multiple HTML Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455603/100/0/threaded" - }, - { - "name" : "21822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21822" + }, + { + "name": "20061229 Spooky Login Multiple HTML Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455603/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6902.json b/2006/6xxx/CVE-2006-6902.json index 64541411e0f..d716d5dafd1 100644 --- a/2006/6xxx/CVE-2006-6902.json +++ b/2006/6xxx/CVE-2006-6902.json 
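Review bot: The new side of the CVE-2006-6862 record swaps the two `reference_data` entries (BID `21822` now precedes the BUGTRAQ entry) although neither entry changes. A reader therefore cannot tell from the diff whether a reference was dropped or altered without comparing the sets by hand. Emitting the array in a stable order, for example sorted by `refsource` then `name`, would keep a formatting-only pass free of such moves. The same reshuffle appears in the hunks for CVE-2006-6429, CVE-2006-6902, CVE-2006-7118, CVE-2010-2164, CVE-2011-0134, CVE-2011-0490 and CVE-2011-1213. Every complete hunk on this page also ends its new side with `\ No newline at end of file`, so the trailing newline is lost as well.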
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455889/100/0/threaded" - }, - { - "name" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf", - "refsource" : "MISC", - "url" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf" - }, - { - "name" : "36143", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile 
Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf", + "refsource": "MISC", + "url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf" + }, + { + "name": "36143", + "refsource": "OSVDB", + "url": "http://osvdb.org/36143" + }, + { + "name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7118.json b/2006/7xxx/CVE-2006-7118.json index 4958ea96951..1a66a6575af 100644 --- a/2006/7xxx/CVE-2006-7118.json +++ b/2006/7xxx/CVE-2006-7118.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061114 Engine Manager SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451535/100/0/threaded" - }, - { - "name" : "21064", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21064" - }, - { - "name" : "2358", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2358" - }, - { - "name" : "enginemanager-index-sql-injection(30260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows 
remote attackers to execute arbitrary SQL commands via the mid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "enginemanager-index-sql-injection(30260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30260" + }, + { + "name": "21064", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21064" + }, + { + "name": "2358", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2358" + }, + { + "name": "20061114 Engine Manager SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451535/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2164.json b/2010/2xxx/CVE-2010-2164.json index 17606ded8ed..576d1dbe874 100644 --- a/2010/2xxx/CVE-2010-2164.json +++ b/2010/2xxx/CVE-2010-2164.json 
@@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified \"image type within a certain function.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100610 Adobe Flash Player Use-After-Free Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=872" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - 
{ - "name" : "GLSA-201101-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml" - }, - { - "name" : "HPSBMA02547", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "SSRT100179", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "RHSA-2010:0464", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0464.html" - }, - { - "name" : "RHSA-2010:0470", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0470.html" - }, - { - "name" : "SUSE-SA:2010:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "TLSA-2010-19", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt" - }, - { - "name" : "TA10-162A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-162A.html" - }, - { - "name" : "40759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40759" - }, - { - "name" : "40780", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40780" - }, - { - "name" : "oval:org.mitre.oval:def:6765", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6765" - }, - { - "name" : "oval:org.mitre.oval:def:15798", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15798" - }, - { - "name" : "1024085", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024085" - }, - { - "name" : "1024086", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1024086" - }, - { - "name" : "40144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40144" - }, - { - "name" : "40545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40545" - }, - { - "name" : "43026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43026" - }, - { - "name" : "ADV-2010-1453", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1453" - }, - { - "name" : "ADV-2010-1421", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1421" - }, - { - "name" : "ADV-2010-1432", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1432" - }, - { - "name" : "ADV-2010-1434", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1434" - }, - { - "name" : "ADV-2010-1482", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1482" - }, - { - "name" : "ADV-2010-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1522" - }, - { - "name" : "ADV-2010-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1793" - }, - { - "name" : "ADV-2011-0192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified \"image type within a certain function.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0192", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0192" + }, + { + "name": "ADV-2010-1421", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1421" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "40545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40545" + }, + { + "name": "oval:org.mitre.oval:def:15798", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15798" + }, + { + "name": "RHSA-2010:0464", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html" + }, + { + "name": "ADV-2010-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1793" + }, + { + "name": "43026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43026" + }, + { + "name": "ADV-2010-1432", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1432" + }, + { + "name": "GLSA-201101-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" + }, + { + "name": "TA10-162A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html" + }, + { + "name": "20100610 Adobe Flash Player Use-After-Free Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=872" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "40759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40759" + }, + { + "name": "1024085", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024085" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "1024086", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024086" + }, + { + "name": "ADV-2010-1434", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1434" + }, + { + "name": "TLSA-2010-19", + "refsource": "TURBO", + "url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt" + }, + { + "name": "SSRT100179", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "SUSE-SA:2010:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" + }, + { + "name": "40144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40144" + }, + { + "name": "RHSA-2010:0470", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html" + }, + { + "name": "ADV-2010-1482", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1482" + }, + { + "name": "HPSBMA02547", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "ADV-2010-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1522" + }, + { + "name": "oval:org.mitre.oval:def:6765", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6765" + }, + { + "name": "40780", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40780" + }, + { + "name": "ADV-2010-1453", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1453" + } + ] + } +} \ No newline at end of file 
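Review bot: `ASSIGNER` in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@adobe.com` inside what is otherwise a whitespace and ordering pass, while `vendor_name` and `product_name` under `affects` stay `n/a`. Consumers that attribute or filter records by assigner will see this record move to a different CNA, so the change is worth calling out separately from the reformatting (the commit message is not visible here). The hunk for CVE-2011-0134 does the same with `product-security@apple.com`. If the assigner is now vendor-specific, filling the matching field, e.g. `"vendor_name": "Adobe"`, would keep the record consistent; that value is inferred from the description text and should be confirmed against the CNA's data.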
diff --git a/2011/0xxx/CVE-2011-0099.json b/2011/0xxx/CVE-2011-0099.json index 4de16b9d1e3..7d1987c4611 100644 --- a/2011/0xxx/CVE-2011-0099.json +++ b/2011/0xxx/CVE-2011-0099.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0099", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-0099", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0134.json b/2011/0xxx/CVE-2011-0134.json index 502eac150c5..0a9e0ff8e0e 100644 --- a/2011/0xxx/CVE-2011-0134.json +++ b/2011/0xxx/CVE-2011-0134.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4554", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4554" - }, - { - "name" : "http://support.apple.com/kb/HT4564", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4564" - }, - { - "name" : "http://support.apple.com/kb/HT4566", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4566" - }, - { - "name" : "APPLE-SA-2011-03-02-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-03-09-1", - "refsource" : "APPLE", - 
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" - }, - { - "name" : "APPLE-SA-2011-03-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:17059", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4564", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4564" + }, + { + "name": "http://support.apple.com/kb/HT4566", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4566" + }, + { + "name": "oval:org.mitre.oval:def:17059", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17059" + }, + { + "name": "APPLE-SA-2011-03-02-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" + }, + { + "name": "APPLE-SA-2011-03-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT4554", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4554" + }, + { + "name": "APPLE-SA-2011-03-09-2", + 
"refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0490.json b/2011/0xxx/CVE-2011-0490.json index 3734a54f08e..e774f5f57fc 100644 --- a/2011/0xxx/CVE-2011-0490.json +++ b/2011/0xxx/CVE-2011-0490.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)", - "refsource" : "MLIST", - "url" : "http://archives.seul.org/or/announce/Jan-2011/msg00000.html" - }, - { - "name" : "http://blog.torproject.org/blog/tor-02129-released-security-patches", - "refsource" : "CONFIRM", - "url" : "http://blog.torproject.org/blog/tor-02129-released-security-patches" - }, - { - "name" : "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog" - }, - { - "name" : "https://trac.torproject.org/projects/tor/ticket/2190", - "refsource" : "CONFIRM", - "url" 
: "https://trac.torproject.org/projects/tor/ticket/2190" - }, - { - "name" : "45953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45953" - }, - { - "name" : "tor-libevent-dos(64889)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[or-announce] 20110117 Tor 0.2.1.29 is released (security patches)", + "refsource": "MLIST", + "url": "http://archives.seul.org/or/announce/Jan-2011/msg00000.html" + }, + { + "name": "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog", + "refsource": "CONFIRM", + "url": "https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog" + }, + { + "name": "http://blog.torproject.org/blog/tor-02129-released-security-patches", + "refsource": "CONFIRM", + "url": "http://blog.torproject.org/blog/tor-02129-released-security-patches" + }, + { + "name": "tor-libevent-dos(64889)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64889" + }, + { + "name": "https://trac.torproject.org/projects/tor/ticket/2190", + "refsource": "CONFIRM", + "url": "https://trac.torproject.org/projects/tor/ticket/2190" + }, + { + "name": "45953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45953" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/1xxx/CVE-2011-1213.json b/2011/1xxx/CVE-2011-1213.json index 0b405f36a0c..7201e365acc 100644 --- a/2011/1xxx/CVE-2011-1213.json +++ b/2011/1xxx/CVE-2011-1213.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110524 IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=904" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21500034", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21500034" - }, - { - "name" : "47962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47962" - }, - { - "name" : "oval:org.mitre.oval:def:14634", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14634" - }, - { - "name" : "44624", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44624" - }, - { - "name" : "8285", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8285" - }, - { - "name" : "lotus-notes-lzhsr-bo(67620)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21500034", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21500034" + }, + { + "name": "47962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47962" + }, + { + "name": "20110524 IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=904" + }, + { + "name": "44624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44624" + }, + { + "name": "lotus-notes-lzhsr-bo(67620)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67620" + }, + { + "name": "oval:org.mitre.oval:def:14634", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14634" + }, + { + "name": "8285", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8285" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/1xxx/CVE-2011-1320.json b/2011/1xxx/CVE-2011-1320.json index 111f9b67af9..bdf5b80700c 100644 --- a/2011/1xxx/CVE-2011-1320.json +++ b/2011/1xxx/CVE-2011-1320.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" - }, - { - "name" : "PM21536", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM21536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x 
before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM21536", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM21536" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1578.json b/2011/1xxx/CVE-2011-1578.json index 9eee34e9d45..a1540961580 100644 --- a/2011/1xxx/CVE-2011-1578.json +++ b/2011/1xxx/CVE-2011-1578.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mediawiki-announce] 20110412 MediaWiki security release 1.16.3", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html" - }, - { - "name" : "[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/13/15" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=695577", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=695577" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=696360", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=696360" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=28235", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=28235" - }, - { - "name" : "DSA-2366", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2366" - }, - { - "name" : "FEDORA-2011-5495", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html" - }, - { - "name" : "FEDORA-2011-5807", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html" - }, - { - "name" : "FEDORA-2011-5812", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html" - }, - { - "name" : "FEDORA-2011-5848", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html" - }, - { - "name" : "47354", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47354" - }, - { - "name" : "44142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44142" - }, - { - "name" : "ADV-2011-0978", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0978" - }, - { - "name" : "ADV-2011-1100", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1100" - }, - { - "name" : "ADV-2011-1151", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1151" - }, - { - "name" : "mediawiki-file-extensions-xss(66737)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mediawiki-file-extensions-xss(66737)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66737" + }, + { + "name": "FEDORA-2011-5495", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html" + }, + { + "name": "ADV-2011-0978", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0978" + }, + { + "name": "FEDORA-2011-5807", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html" + }, + { + "name": "47354", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47354" + }, + { + "name": "44142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44142" + }, + { + "name": "FEDORA-2011-5848", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html" + }, + { + "name": "ADV-2011-1151", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1151" + }, + { + "name": "DSA-2366", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2366" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=696360", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360" + }, + { + "name": "[mediawiki-announce] 20110412 MediaWiki security release 1.16.3", + "refsource": "MLIST", + "url": 
"http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html" + }, + { + "name": "ADV-2011-1100", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1100" + }, + { + "name": "FEDORA-2011-5812", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=695577", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577" + }, + { + "name": "[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/13/15" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28235", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28235" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1666.json b/2011/1xxx/CVE-2011-1666.json index 45e66aa8532..89f8e671b88 100644 --- a/2011/1xxx/CVE-2011-1666.json +++ b/2011/1xxx/CVE-2011-1666.json 
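Review bot: The `ASSIGNER` value for CVE-2011-1578 changes from `cve@mitre.org` to `secalert@redhat.com` in a hunk that otherwise only tightens the `"key" : value` spacing and reorders `reference_data`, so a real metadata change is easy to miss among the formatting churn. The same reassignment appears in the CVE-2011-3639 and CVE-2011-4333 hunks, while the other records visible here keep `cve@mitre.org`. If the change is intended, it should be stated in the commit description or split from the formatting pass, because consumers that attribute or filter records by assigner will see these three entries change owner. The description, problemtype and reference contents of these records appear otherwise unchanged.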
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Metaways Tine 2.0 allows remote attackers to obtain sensitive information via unknown vectors in (1) Crm/Controller.php, (2) Crm/Export/Csv.php, or (3) Calendar/Model/Attender.php, which reveal the full installation path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110331 HTB22909: Path disclosure in Tine 2.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517269/100/0/threaded" - }, - { - "name" : "http://www.htbridge.ch/advisory/path_disclosure_in_tine_2_0.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/path_disclosure_in_tine_2_0.html" - }, - { - "name" : "47102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47102" - }, - { - "name" : "8191", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8191" - }, - { - "name" : "tine-multiple-info-disc(66558)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66558" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Metaways Tine 2.0 allows remote attackers to obtain sensitive information via unknown vectors in (1) Crm/Controller.php, (2) Crm/Export/Csv.php, or (3) Calendar/Model/Attender.php, which reveal the full installation path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.htbridge.ch/advisory/path_disclosure_in_tine_2_0.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/path_disclosure_in_tine_2_0.html" + }, + { + "name": "47102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47102" + }, + { + "name": "tine-multiple-info-disc(66558)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66558" + }, + { + "name": "8191", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8191" + }, + { + "name": "20110331 HTB22909: Path disclosure in Tine 2.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517269/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3639.json b/2011/3xxx/CVE-2011-3639.json index ca4dad8abb3..c7678b4540c 100644 --- a/2011/3xxx/CVE-2011-3639.json +++ b/2011/3xxx/CVE-2011-3639.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1188745", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1188745" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=752080", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=752080" - }, - { - "name" : "DSA-2405", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2405" - }, - { - "name" : "RHSA-2012:0128", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0128.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=752080", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080" + }, + { + "name": "RHSA-2012:0128", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1188745", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1188745" + }, + { + "name": "DSA-2405", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2405" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4119.json b/2011/4xxx/CVE-2011-4119.json index ccd8759e020..8850d0a998e 100644 --- a/2011/4xxx/CVE-2011-4119.json +++ b/2011/4xxx/CVE-2011-4119.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4119", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4119", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4331.json b/2011/4xxx/CVE-2011-4331.json index 1cd92406657..08bdadd6eeb 100644 --- a/2011/4xxx/CVE-2011-4331.json +++ b/2011/4xxx/CVE-2011-4331.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4331", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4110. Reason: This candidate is a duplicate of CVE-2011-4110. Notes: All CVE users should reference CVE-2011-4110 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4331", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4110. Reason: This candidate is a duplicate of CVE-2011-4110. Notes: All CVE users should reference CVE-2011-4110 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4333.json b/2011/4xxx/CVE-2011-4333.json index e4195c21776..1cbbe3a3b70 100644 --- a/2011/4xxx/CVE-2011-4333.json +++ b/2011/4xxx/CVE-2011-4333.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111121 CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/21/16" - }, - { - "name" : "[oss-security] 20140208 Fwd: Old CVE ids, public, but still", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/08/5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter 
to index.php or the (2) page_no parameter to recentchanges.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111121 CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/21/16" + }, + { + "name": "[oss-security] 20140208 Fwd: Old CVE ids, public, but still", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/08/5" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4896.json b/2011/4xxx/CVE-2011-4896.json index 3aacd7debda..75f1be05bff 100644 --- a/2011/4xxx/CVE-2011-4896.json +++ b/2011/4xxx/CVE-2011-4896.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.torproject.org/blog/tor-02224-alpha-out", - "refsource" : "CONFIRM", - "url" : "https://blog.torproject.org/blog/tor-02224-alpha-out" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.torproject.org/blog/tor-02224-alpha-out", + "refsource": "CONFIRM", + "url": "https://blog.torproject.org/blog/tor-02224-alpha-out" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4900.json b/2011/4xxx/CVE-2011-4900.json index c557f511e44..3ed61a9ae6d 100644 --- a/2011/4xxx/CVE-2011-4900.json +++ b/2011/4xxx/CVE-2011-4900.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4900", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4900", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5147.json b/2011/5xxx/CVE-2011-5147.json index de02ec82303..21df087d6b8 100644 --- a/2011/5xxx/CVE-2011-5147.json +++ b/2011/5xxx/CVE-2011-5147.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18121", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18121" - }, - { - "name" : "http://www.freewebshop.org/forum/index.php?topic=5235.0", - "refsource" : "MISC", - "url" : "http://www.freewebshop.org/forum/index.php?topic=5235.0" - }, - { - "name" : "77162", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Static code injection vulnerability in ajax_save_name.php in the Ajax File 
Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18121", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18121" + }, + { + "name": "77162", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77162" + }, + { + "name": "http://www.freewebshop.org/forum/index.php?topic=5235.0", + "refsource": "MISC", + "url": "http://www.freewebshop.org/forum/index.php?topic=5235.0" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2264.json b/2014/2xxx/CVE-2014-2264.json index 78ab8c3ddfd..f8eb99e01fe 100644 --- a/2014/2xxx/CVE-2014-2264.json +++ b/2014/2xxx/CVE-2014-2264.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.synology.com/enu/viewtopic.php?f=173&t=77644", - "refsource" : "MISC", - "url" : "http://forum.synology.com/enu/viewtopic.php?f=173&t=77644" - }, - { - "name" : "VU#534284", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/534284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forum.synology.com/enu/viewtopic.php?f=173&t=77644", + "refsource": "MISC", + "url": "http://forum.synology.com/enu/viewtopic.php?f=173&t=77644" + }, + { + "name": "VU#534284", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/534284" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2297.json b/2014/2xxx/CVE-2014-2297.json index ad43842afd4..f864a17556e 100644 --- a/2014/2xxx/CVE-2014-2297.json +++ b/2014/2xxx/CVE-2014-2297.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140408 Re: CVE-2014-2297(WordPress-videowhisper-live-streaming-integration 4.29.6-Xss)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531773/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor 
parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140408 Re: CVE-2014-2297(WordPress-videowhisper-live-streaming-integration 4.29.6-Xss)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531773/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2316.json b/2014/2xxx/CVE-2014-2316.json index 87cd919e1f4..fdd26834789 100644 --- a/2014/2xxx/CVE-2014-2316.json +++ b/2014/2xxx/CVE-2014-2316.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wordpress.org/plugins/search-everything/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/plugins/search-everything/changelog/" - }, - { - "name" : "65765", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65765" - }, - { - "name" : "56820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows 
remote attackers to execute arbitrary SQL commands via the s parameter to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65765", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65765" + }, + { + "name": "56820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56820" + }, + { + "name": "http://wordpress.org/plugins/search-everything/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/plugins/search-everything/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2470.json b/2014/2xxx/CVE-2014-2470.json index 2e22d316943..1b42a225a6a 100644 --- a/2014/2xxx/CVE-2014-2470.json +++ b/2014/2xxx/CVE-2014-2470.json 
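Review bot: The `reference_data` array in the CVE-2014-2316 hunk comes out in a different order (`65765`, `56820`, then the wordpress.org changelog entry, which used to be first) although no entry is added, removed or edited. If the order carries no meaning, whatever tool rewrote these files should emit a stable order, for example keeping the `"refsource": "CONFIRM"` entry where it was or sorting by `url`, so later diffs show only real reference changes. The same reorder-only churn appears in the hunks for CVE-2014-2470, CVE-2014-2502, CVE-2014-3015, CVE-2014-6273, CVE-2014-6481 and CVE-2014-6810. For anyone auditing this feed, a dropped or altered reference is hard to spot among lines that only moved.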
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21680702", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21680702" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg24038065", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg24038065" - }, - { - "name" : "59847", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59847" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg24038065", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg24038065" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21680702", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21680702" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "59847", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59847" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2502.json b/2014/2xxx/CVE-2014-2502.json index 761eb350f5e..ec52d04dc04 100644 --- a/2014/2xxx/CVE-2014-2502.json +++ b/2014/2xxx/CVE-2014-2502.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-2502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140602 ESA-2014-032: RSA Adaptive Authentication (Hosted) DOM Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0012.html" - }, - { - "name" : "http://packetstormsecurity.com/files/126897/RSA-Adaptive-Authentication-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126897/RSA-Adaptive-Authentication-Cross-Site-Scripting.html" - }, - { - "name" : "67792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67792" - }, - { - "name" : "1030323", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030323" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140602 ESA-2014-032: RSA Adaptive Authentication (Hosted) DOM Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0012.html" + }, + { + "name": "1030323", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030323" + }, + { + "name": "67792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67792" + }, + { + "name": "http://packetstormsecurity.com/files/126897/RSA-Adaptive-Authentication-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126897/RSA-Adaptive-Authentication-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3015.json b/2014/3xxx/CVE-2014-3015.json index 89c7d4df45d..f8cfe1d189b 100644 --- a/2014/3xxx/CVE-2014-3015.json +++ b/2014/3xxx/CVE-2014-3015.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21673260", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21673260" - }, - { - "name" : "ibm-sametime-cve20143015-csrf(93026)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary 
users for requests that insert XSS sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-sametime-cve20143015-csrf(93026)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93026" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21673260", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673260" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6251.json b/2014/6xxx/CVE-2014-6251.json index c92e7ac6b76..8ac0c0caea0 100644 --- a/2014/6xxx/CVE-2014-6251.json +++ b/2014/6xxx/CVE-2014-6251.json 
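Review bot: `"ASSIGNER": "psirt@us.ibm.com"` replaces `cve@mitre.org` in the CVE-2014-3015 hunk, a change of record provenance buried in a hunk that rewrites every line of the file for key/colon spacing. The same thing happens in CVE-2014-2470 and CVE-2014-6481 (`secalert_us@oracle.com`), CVE-2014-2502 (`security_alert@emc.com`), CVE-2014-6273 (`security@debian.org`), and CVE-2014-6810 and CVE-2014-6868 (`cert@cert.org`). I would land the formatting pass as its own commit and the ASSIGNER updates separately, so consumers that attribute or filter records by assigner can review that change on its own. `vendor_name` and `product_name` stay `n/a` next to the new vendor assigner, which is worth confirming as intended.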
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141007 CVE-2014-6251 : Stack Overflow in CPUMiner When Submitting Upstream Work", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Oct/29" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141007 CVE-2014-6251 : Stack Overflow in CPUMiner When Submitting Upstream Work", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Oct/29" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6273.json b/2014/6xxx/CVE-2014-6273.json index e45c0b3e535..46d895f7189 100644 --- a/2014/6xxx/CVE-2014-6273.json +++ b/2014/6xxx/CVE-2014-6273.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-6273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-3031", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3031" - }, - { - "name" : "USN-2353-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2353-1" - }, - { - "name" : "70075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70075" - }, - { - "name" : "61605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61605" - }, - { - "name" : "61710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61710" - }, - { - "name" : "apt-cve20146273-bo(96151)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96151" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2353-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2353-1" + }, + { + "name": "70075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70075" + }, + { + "name": "61710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61710" + }, + { + "name": "apt-cve20146273-bo(96151)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96151" + }, + { + "name": "DSA-3031", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3031" + }, + { + "name": "61605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61605" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6295.json b/2014/6xxx/CVE-2014-6295.json index 9cd68476293..fb9a12a5165 100644 --- a/2014/6xxx/CVE-2014-6295.json +++ b/2014/6xxx/CVE-2014-6295.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/" - }, - { - "name" : "http://typo3.org/extensions/repository/view/wec_map", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/wec_map" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/" + }, + { + "name": "http://typo3.org/extensions/repository/view/wec_map", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/wec_map" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6481.json b/2014/6xxx/CVE-2014-6481.json index 611a077d915..6f13af7416b 100644 --- a/2014/6xxx/CVE-2014-6481.json +++ b/2014/6xxx/CVE-2014-6481.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "1031583", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031583", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031583" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6605.json b/2014/6xxx/CVE-2014-6605.json index 4890f2568be..ea973976120 100644 --- a/2014/6xxx/CVE-2014-6605.json +++ b/2014/6xxx/CVE-2014-6605.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6605", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6605", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6810.json b/2014/6xxx/CVE-2014-6810.json index 3309ac7d7d6..d0410f5ce3b 100644 --- a/2014/6xxx/CVE-2014-6810.json +++ b/2014/6xxx/CVE-2014-6810.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RIMS 2014 Annual Conference (aka com.coreapps.android.followme.rims2014) application 6.0.7.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#998561", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/998561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RIMS 2014 
Annual Conference (aka com.coreapps.android.followme.rims2014) application 6.0.7.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#998561", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/998561" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6868.json b/2014/6xxx/CVE-2014-6868.json index bb7290ca805..69b6c13ddf9 100644 --- a/2014/6xxx/CVE-2014-6868.json +++ b/2014/6xxx/CVE-2014-6868.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DS audio (aka com.synology.DSaudio) application 3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#981313", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/981313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DS audio (aka com.synology.DSaudio) application 3.4 
for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#981313", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/981313" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7138.json b/2014/7xxx/CVE-2014-7138.json index 0781960821e..6edf445e463 100644 --- a/2014/7xxx/CVE-2014-7138.json +++ b/2014/7xxx/CVE-2014-7138.json 
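Review bot: The `affects` block for CVE-2014-6868 still carries `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"`, although the description names the product as DS audio (com.synology.DSaudio) 3.4 for Android. Tooling that matches installed software against the structured fields rather than the free text will not find this record. The hunks for CVE-2014-6810 and CVE-2014-7385 have the same gap. I would fill the fields from each description, here `"product_name": "DS audio"` and `"version_value": "3.4"`.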
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141008 Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533640/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/128626/WordPress-Google-Calendar-Events-2.0.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128626/WordPress-Google-Calendar-Events-2.0.1-Cross-Site-Scripting.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23235", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23235" - }, - { - "name" : 
"https://github.com/pderksen/WP-Google-Calendar-Events/commit/a701ceeb410bdda9d96c9d3d12104630df5d5b43", - "refsource" : "CONFIRM", - "url" : "https://github.com/pderksen/WP-Google-Calendar-Events/commit/a701ceeb410bdda9d96c9d3d12104630df5d5b43" - }, - { - "name" : "https://wordpress.org/plugins/google-calendar-events/changelog", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/google-calendar-events/changelog" - }, - { - "name" : "70370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70370" - }, - { - "name" : "wp-googlecalendarevents-cve20147138-xss(96867)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70370" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23235", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23235" + }, + { + "name": "https://github.com/pderksen/WP-Google-Calendar-Events/commit/a701ceeb410bdda9d96c9d3d12104630df5d5b43", + "refsource": "CONFIRM", + "url": "https://github.com/pderksen/WP-Google-Calendar-Events/commit/a701ceeb410bdda9d96c9d3d12104630df5d5b43" + }, + { + "name": "wp-googlecalendarevents-cve20147138-xss(96867)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96867" + }, + { + "name": "20141008 Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533640/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/128626/WordPress-Google-Calendar-Events-2.0.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128626/WordPress-Google-Calendar-Events-2.0.1-Cross-Site-Scripting.html" + }, + { + "name": "https://wordpress.org/plugins/google-calendar-events/changelog", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/google-calendar-events/changelog" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7221.json b/2014/7xxx/CVE-2014-7221.json index b948f8f1e86..2c35313ab26 100644 --- a/2014/7xxx/CVE-2014-7221.json +++ b/2014/7xxx/CVE-2014-7221.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab containing [img]//http:// substrings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905", - "refsource" : "MISC", - "url" : "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905" - }, - { - "name" : "http://r4p3.net/public/ts3bbcodefreeze.txt", - "refsource" : "MISC", - "url" : "http://r4p3.net/public/ts3bbcodefreeze.txt" - }, - { - "name" : "https://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html" - }, - { - 
"name" : "70219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70219" - }, - { - "name" : "teamspeakclient-cve20147221-bo(96889)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab containing [img]//http:// substrings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70219" + }, + { + "name": "teamspeakclient-cve20147221-bo(96889)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96889" + }, + { + "name": "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905", + "refsource": "MISC", + "url": "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905" + }, + { + "name": "http://r4p3.net/public/ts3bbcodefreeze.txt", + "refsource": "MISC", + "url": "http://r4p3.net/public/ts3bbcodefreeze.txt" + }, + { + "name": "https://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7385.json b/2014/7xxx/CVE-2014-7385.json index 71392a02ce0..09032723d68 100644 --- a/2014/7xxx/CVE-2014-7385.json +++ b/2014/7xxx/CVE-2014-7385.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Aperture Mobile Media (aka com.app_aperturemobilemedia.layout) application 1.404 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#852041", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/852041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Aperture Mobile Media 
(aka com.app_aperturemobilemedia.layout) application 1.404 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#852041", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/852041" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7386.json b/2014/7xxx/CVE-2014-7386.json index 5389b73cdcc..f22fa98cc48 100644 --- a/2014/7xxx/CVE-2014-7386.json +++ b/2014/7xxx/CVE-2014-7386.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7386", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7386", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0454.json b/2017/0xxx/CVE-2017-0454.json index 406c4f735da..40c61bda7a9 100644 --- a/2017/0xxx/CVE-2017-0454.json +++ b/2017/0xxx/CVE-2017-0454.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97399", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97399" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97399", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97399" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0678.json b/2017/0xxx/CVE-2017-0678.json index 2c51e527a0e..bbb070c5a89 100644 --- a/2017/0xxx/CVE-2017-0678.json +++ b/2017/0xxx/CVE-2017-0678.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-07-05T00:00:00", - "ID" : "CVE-2017-0678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36576151." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-07-05T00:00:00", + "ID": "CVE-2017-0678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36576151." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99478" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0756.json b/2017/0xxx/CVE-2017-0756.json index c532b18fc9e..12f71f2a94a 100644 --- a/2017/0xxx/CVE-2017-0756.json +++ b/2017/0xxx/CVE-2017-0756.json 
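Review bot: `version_value` in the CVE-2017-0678 record packs three releases into one string, `"Android-7.0 Android-7.1.1 Android-7.1.2"`, so an exact comparison against a single version never matches. The CVE-2017-0756 record in this same diff lists each release as its own `version_data` entry. This record should do the same with `{ "version_value": "7.0" }`, `{ "version_value": "7.1.1" }` and `{ "version_value": "7.1.2" }`, which are the versions given in its description.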
@@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "4.4.4" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "4.4.4" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100649" + }, + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0945.json b/2017/0xxx/CVE-2017-0945.json index fdf5cf88c2b..e8a43ad0332 100644 --- a/2017/0xxx/CVE-2017-0945.json +++ b/2017/0xxx/CVE-2017-0945.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0945", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0945", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18042.json b/2017/18xxx/CVE-2017-18042.json index 237f28908ad..2cd7f641937 100644 --- a/2017/18xxx/CVE-2017-18042.json +++ b/2017/18xxx/CVE-2017-18042.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-02-02T00:00:00", - "ID" : "CVE-2017-18042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Bamboo", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 6.3.1" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-02-02T00:00:00", + "ID": "CVE-2017-18042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bamboo", + "version": { + "version_data": [ + { + "version_value": "prior to 6.3.1" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/BAM-19663", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/BAM-19663" - }, - { - "name" : "103110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a 
Cross-site request forgery (CSRF) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103110" + }, + { + "name": "https://jira.atlassian.com/browse/BAM-19663", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/BAM-19663" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1503.json b/2017/1xxx/CVE-2017-1503.json index 784a5251fd7..d33ca274ac5 100644 --- a/2017/1xxx/CVE-2017-1503.json +++ b/2017/1xxx/CVE-2017-1503.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IBM WebSphere Application Server ", - "version" : { - "version_data" : [ - { - "version_value" : "7.0, 8.0, 8.5, 9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IBM WebSphere Application Server ", + "version": { + "version_data": [ + { + "version_value": "7.0, 8.0, 8.5, 9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129578", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129578" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22006815", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22006815" - }, - { - "name" : "101234", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101234" - }, - { - "name" : "1039521", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101234", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101234" + }, + { + "name": "1039521", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039521" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22006815", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22006815" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129578", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129578" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1576.json b/2017/1xxx/CVE-2017-1576.json index d67143bc2aa..a091236a80c 100644 --- a/2017/1xxx/CVE-2017-1576.json +++ b/2017/1xxx/CVE-2017-1576.json 
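Review bot: The `problemtype` value for CVE-2017-1503 is `"XSS"`, while the description says the flaw is HTTP response splitting and lists cross-site scripting only as one possible follow-on attack. Triage that filters on `problemtype` will classify the record wrongly; `"value": "HTTP response splitting"` would agree with the description. Separately, `"product_name": "IBM WebSphere Application Server "` keeps a trailing space that breaks exact-match lookups on the product name and should be trimmed.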
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1576", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1576", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1600.json b/2017/1xxx/CVE-2017-1600.json index 393d3b411a4..a111bb47f4d 100644 --- a/2017/1xxx/CVE-2017-1600.json +++ b/2017/1xxx/CVE-2017-1600.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-12-18T00:00:00", - "ID" : "CVE-2017-1600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Guardium", - "version" : { - "version_data" : [ - { - "version_value" : "10.0" - }, - { - "version_value" : "10.0.1" - }, - { - "version_value" : "10.1" - }, - { - "version_value" : "10.1.2" - }, - { - "version_value" : "10.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-12-18T00:00:00", + "ID": "CVE-2017-1600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Guardium", + "version": { + "version_data": [ + { + "version_value": "10.0" + }, + { + "version_value": "10.0.1" + }, + { + "version_value": "10.1" + }, + { + "version_value": "10.1.2" + }, + { + "version_value": "10.1.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132613", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132613" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22009622", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22009622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132613", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132613" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22009622", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22009622" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5188.json b/2017/5xxx/CVE-2017-5188.json index 7ff130d79ba..1d2cae05618 100644 --- a/2017/5xxx/CVE-2017-5188.json +++ b/2017/5xxx/CVE-2017-5188.json 
@@ -1,103 +1,103 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.com", - "DATE_PUBLIC" : "2017-03-17T00:00:00.000Z", - "ID" : "CVE-2017-5188", - "STATE" : "PUBLIC", - "TITLE" : "OBS worker VM escape via relative symbolic links" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "open build service", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "20170320" - } - ] - } - } - ] - }, - "vendor_name" : "openSUSE" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Fabian Vogt of SUSE" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "LOCAL", - "availabilityImpact" : "NONE", - "baseScore" : 5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing checking for symlinks could use as a path traversal to read files outside of a specific directory." 
- } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2017-03-17T00:00:00.000Z", + "ID": "CVE-2017-5188", + "STATE": "PUBLIC", + "TITLE": "OBS worker VM escape via relative symbolic links" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "open build service", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "20170320" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1029824", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1029824" - }, - { - "name" : "https://github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d", - "refsource" : "CONFIRM", - "url" : "https://github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d" - }, - { - "name" : "https://www.suse.com/de-de/security/cve/CVE-2017-5188/", - "refsource" : "CONFIRM", - "url" : "https://www.suse.com/de-de/security/cve/CVE-2017-5188/" - } - ] - }, - "source" : { - "defect" : [ - "https://bugzilla.suse.com/show_bug.cgi?id=1029824" - ], - "discovery" : "INTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Fabian Vogt of SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing checking for symlinks could use as a path traversal to read files outside of a specific directory." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d", + "refsource": "CONFIRM", + "url": "https://github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d" + }, + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1029824", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1029824" + }, + { + "name": "https://www.suse.com/de-de/security/cve/CVE-2017-5188/", + "refsource": "CONFIRM", + "url": "https://www.suse.com/de-de/security/cve/CVE-2017-5188/" + } + ] + }, + "source": { + "defect": [ + "https://bugzilla.suse.com/show_bug.cgi?id=1029824" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5416.json b/2017/5xxx/CVE-2017-5416.json index eaacc8709a4..8704fa602b8 100644 --- a/2017/5xxx/CVE-2017-5416.json +++ b/2017/5xxx/CVE-2017-5416.json 
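Review bot: The new side of the CVE-2017-5188 record still stores the range operator under the key `affected` (`"affected": "<"` beside `"version_value": "20170320"`), while the CVE-2017-5416 record in this same diff uses `version_affected` for the same purpose. The commit only normalises whitespace and reference order, so the inconsistency carries over unchanged; aligning it would be a one-line change to `"version_affected": "<"`. A feed consumer that keys on `version_affected` would presumably treat 20170320 as a single affected version instead of an upper bound, and so fail to match earlier builds. Anyone matching inventory against these records should confirm how their parser handles the unrecognised key.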
@@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Null dereference crash in HttpChannel" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1328121", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1328121" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/", - "refsource" : "CONFIRM", - "url" : 
"https://www.mozilla.org/security/advisories/mfsa2017-05/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/" - }, - { - "name" : "96692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96692" - }, - { - "name" : "1037966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Null dereference crash in HttpChannel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-09/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-05/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/" + }, + { + "name": "1037966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037966" + }, + { + "name": "96692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96692" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1328121", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1328121" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5636.json b/2017/5xxx/CVE-2017-5636.json index 98888d69e1e..921ca0cf780 100644 --- a/2017/5xxx/CVE-2017-5636.json +++ b/2017/5xxx/CVE-2017-5636.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-5636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache NiFi", - "version" : { - "version_data" : [ - { - "version_value" : "0.7.0" - }, - { - "version_value" : "0.7.1" - }, - { - "version_value" : "1.1.0" - }, - { - "version_value" : "1.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-5636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache NiFi", + "version": { + "version_data": [ + { + "version_value": "0.7.0" + }, + { + "version_value": "0.7.1" + }, + { + "version_value": "1.1.0" + }, + { + "version_value": "1.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nifi.apache.org/security.html#CVE-2017-5636", - "refsource" : "CONFIRM", - "url" : "https://nifi.apache.org/security.html#CVE-2017-5636" - }, - { - "name" : "96731", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96731", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96731" + }, + { + "name": "https://nifi.apache.org/security.html#CVE-2017-5636", + "refsource": "CONFIRM", + "url": "https://nifi.apache.org/security.html#CVE-2017-5636" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5678.json b/2017/5xxx/CVE-2017-5678.json index 4df6df43cc7..9a6d881483d 100644 --- a/2017/5xxx/CVE-2017-5678.json +++ b/2017/5xxx/CVE-2017-5678.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5678", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5678", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file