diff --git a/2006/3xxx/CVE-2006-3072.json b/2006/3xxx/CVE-2006-3072.json index 810bc6be213..fafab4eee03 100644 --- a/2006/3xxx/CVE-2006-3072.json +++ b/2006/3xxx/CVE-2006-3072.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted \"rule definitions\", which produces dangerous Java code during M4 transformation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.06.13b.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.06.13b.html" - }, - { - "name" : "18420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18420" - }, - { - "name" : "ADV-2006-2334", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2334" - }, - { - "name" : "1016296", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016296" - }, - { - "name" : "20647", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20647" - }, - { - "name" : "symantec-sim-auth-bypass(27105)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted \"rule definitions\", which produces dangerous Java code during M4 transformation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20647", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20647" + }, + { + "name": "ADV-2006-2334", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2334" + }, + { + "name": "18420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18420" + }, + { + "name": "1016296", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016296" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.06.13b.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.06.13b.html" + }, + { + "name": "symantec-sim-auth-bypass(27105)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27105" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3241.json b/2006/3xxx/CVE-2006-3241.json index d1b580163f0..82a333d58f7 100644 --- a/2006/3xxx/CVE-2006-3241.json +++ b/2006/3xxx/CVE-2006-3241.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/xennobb-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/xennobb-xss-vuln.html" - }, - { - "name" : "18652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18652" - }, - { - "name" : "ADV-2006-2510", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2510" - }, - { - "name" : "20797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20797" - }, - { - "name" : "xennobb-messages-xss(27367)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20797" + }, + { + "name": "xennobb-messages-xss(27367)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27367" + }, + { + "name": "18652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18652" + }, + { + "name": "ADV-2006-2510", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2510" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/xennobb-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/xennobb-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3787.json b/2006/3xxx/CVE-2006-3787.json index 5c3978e13c7..a051734a1cb 100644 --- a/2006/3xxx/CVE-2006-3787.json +++ b/2006/3xxx/CVE-2006-3787.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060715 Kerio Terminating 'kpf4ss.exe' using internal runtime error Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440112/100/100/threaded" - }, - { - "name" : "http://www.matousec.com/info/advisories/Kerio-Terminating-kpf4ss-exe-using-internal-runtime-error.php", - "refsource" : "MISC", - "url" : "http://www.matousec.com/info/advisories/Kerio-Terminating-kpf4ss-exe-using-internal-runtime-error.php" - }, - { - "name" : "18996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18996" - }, - { - "name" : "ADV-2006-2828", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2828" - }, - { - "name" : "21060", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21060" - }, - { - "name" : "1260", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2828", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2828" + }, + { + "name": "18996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18996" + }, + { + "name": "http://www.matousec.com/info/advisories/Kerio-Terminating-kpf4ss-exe-using-internal-runtime-error.php", + "refsource": "MISC", + "url": "http://www.matousec.com/info/advisories/Kerio-Terminating-kpf4ss-exe-using-internal-runtime-error.php" + }, + { + "name": "20060715 Kerio Terminating 'kpf4ss.exe' using internal runtime error Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440112/100/100/threaded" + }, + { + "name": "1260", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1260" + }, + { + "name": "21060", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21060" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4293.json b/2006/4xxx/CVE-2006-4293.json index 4cdf98973e7..400ca5e7a08 100644 --- a/2006/4xxx/CVE-2006-4293.json +++ b/2006/4xxx/CVE-2006-4293.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060816 Multiple xxs cPanel 10", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443637/100/0/threaded" - }, - { - "name" : "19624", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19624" - }, - { - "name" : "28041", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28041" - }, - { - "name" : "28042", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28042" - }, - { - "name" : "28043", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28043" - }, - { - "name" : "21592", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21592" - }, - { - "name" : "1442", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1442" - }, - { - "name" : "cpanel-dohtaccess-xss(28447)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cpanel-dohtaccess-xss(28447)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28447" + }, + { + "name": "28043", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28043" + }, + { + "name": "19624", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19624" + }, + { + "name": "21592", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21592" + }, + { + "name": "20060816 Multiple xxs cPanel 10", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443637/100/0/threaded" + }, + { + "name": "28041", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28041" + }, + { + "name": "1442", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1442" + }, + { + "name": "28042", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28042" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4344.json b/2006/4xxx/CVE-2006-4344.json index 04bc090094c..46112131d54 100644 --- a/2006/4xxx/CVE-2006-4344.json +++ b/2006/4xxx/CVE-2006-4344.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) before 8.3 allows remote attackers to spoof e-mails and inject e-mail headers via unspecified vectors in (1) mail.cgi and (2) query.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20060822210549", - "refsource" : "CONFIRM", - "url" : "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20060822210549" - }, - { - "name" : "JVN#11048526", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2311048526/index.html" - }, - { - "name" : "19676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19676" - }, - { - "name" : "ADV-2006-3359", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3359" - }, - { - "name" : "28131", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28131" - }, - { - "name" : "21543", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) before 8.3 allows remote attackers to spoof e-mails and inject e-mail headers via unspecified vectors in (1) mail.cgi and (2) query.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19676" + }, + { + "name": "28131", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28131" + }, + { + "name": "21543", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21543" + }, + { + "name": "JVN#11048526", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2311048526/index.html" + }, + { + "name": "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20060822210549", + "refsource": "CONFIRM", + "url": "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20060822210549" + }, + { + "name": "ADV-2006-3359", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3359" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4965.json b/2006/4xxx/CVE-2006-4965.json index 40bfa117496..0ac1b94a24c 100644 --- a/2006/4xxx/CVE-2006-4965.json +++ b/2006/4xxx/CVE-2006-4965.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446750/100/0/threaded" - }, - { - "name" : "20061207 New MySpace worm could be on its way", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453756/100/0/threaded" - }, - { - "name" : "20070912 0DAY: QuickTime pwns Firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/479179/100/0/threaded" - }, - { - "name" : "http://www.gnucitizen.org/blog/backdooring-mp3-files/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/blog/backdooring-mp3-files/" - }, - { - "name" : "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up" - }, - { - "name" : "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305149", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305149" - }, - { - "name" : "APPLE-SA-2007-03-05", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html" - }, - { - "name" : "VU#751808", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/751808" - }, - { - "name" : "20138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20138" - }, - { - "name" : "ADV-2007-3155", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3155" - }, - { - "name" : "1018687", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018687" - }, - { - "name" : "22048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22048" - }, - { - "name" : "27414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27414" - }, - { - "name" : "1631", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1631", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1631" + }, + { + "name": "VU#751808", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/751808" + }, + { + "name": "27414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27414" + }, + { + "name": "20070912 0DAY: QuickTime pwns Firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/479179/100/0/threaded" + }, + { + "name": "1018687", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018687" + }, + { + "name": "http://www.gnucitizen.org/blog/backdooring-mp3-files/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/blog/backdooring-mp3-files/" + }, + { + "name": "20061207 New MySpace worm could be on its way", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453756/100/0/threaded" + }, + { + "name": "APPLE-SA-2007-03-05", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html" + }, + { + "name": "ADV-2007-3155", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3155" + }, + { + "name": "20138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20138" + }, + { + "name": "20060920 Backdooring MP3 files (plus QuickTime issues and Cross-context Scripting)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446750/100/0/threaded" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305149", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305149" + }, + { + "name": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox" + }, + { + "name": "22048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22048" + }, + { + "name": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6024.json b/2006/6xxx/CVE-2006-6024.json index 0b997f65fca..65fbcf9d6d4 100644 --- a/2006/6xxx/CVE-2006-6024.json +++ b/2006/6xxx/CVE-2006-6024.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) \"Eudora WorldMail stack overflow\" and (2) \"Eudora WorldMail heap overflow\" modules in VulnDisco Pack. NOTE: Some of these details are obtained from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://web.archive.org/web/20060502082657/http://www.gleg.net/vulndisco_pack_standard.shtml", - "refsource" : "MISC", - "url" : "http://web.archive.org/web/20060502082657/http://www.gleg.net/vulndisco_pack_standard.shtml" - }, - { - "name" : "21095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21095" - }, - { - "name" : "22832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) \"Eudora WorldMail stack overflow\" and (2) \"Eudora WorldMail heap overflow\" modules in VulnDisco Pack. NOTE: Some of these details are obtained from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21095" + }, + { + "name": "http://web.archive.org/web/20060502082657/http://www.gleg.net/vulndisco_pack_standard.shtml", + "refsource": "MISC", + "url": "http://web.archive.org/web/20060502082657/http://www.gleg.net/vulndisco_pack_standard.shtml" + }, + { + "name": "22832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22832" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6271.json b/2006/6xxx/CVE-2006-6271.json index 0474f6676dd..515b5764a33 100644 --- a/2006/6xxx/CVE-2006-6271.json +++ b/2006/6xxx/CVE-2006-6271.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php; and (3) index.php, (4) votanti.php, (5) risultati_config.php, (6) modifica_band.php, (7) band_editor.php, and (8) config_editor.php in admin/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061119 PHPOLL => 0.96 Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452093/100/200/threaded" - }, - { - "name" : "1960", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1960" - }, - { - "name" : "phpoll-language-xss(30426)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php; and (3) index.php, (4) votanti.php, (5) risultati_config.php, (6) modifica_band.php, (7) band_editor.php, and (8) config_editor.php in admin/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1960", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1960" + }, + { + "name": "phpoll-language-xss(30426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30426" + }, + { + "name": "20061119 PHPOLL => 0.96 Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452093/100/200/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6562.json b/2006/6xxx/CVE-2006-6562.json index 69b043ca1f6..e4f158d7bf3 100644 --- a/2006/6xxx/CVE-2006-6562.json +++ b/2006/6xxx/CVE-2006-6562.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6562", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6562", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6843.json b/2006/6xxx/CVE-2006-6843.json index 1b9c1544e0e..a526c9844b9 100644 --- a/2006/6xxx/CVE-2006-6843.json +++ b/2006/6xxx/CVE-2006-6843.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21776", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21776", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21776" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6994.json b/2006/6xxx/CVE-2006-6994.json index 68db7242923..4e2083793a6 100644 --- a/2006/6xxx/CVE-2006-6994.json +++ b/2006/6xxx/CVE-2006-6994.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060509 # MHG Security Team --- OzzyWork Gallery Upload Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=114723238307299&w=2" - }, - { - "name" : "17946", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17946" - }, - { - "name" : "ADV-2006-1768", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1768" - }, - { - "name" : "25427", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25427" - }, - { - "name" : "20049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20049" - }, - { - "name" : "ozzyworkgaleri-add-file-upload(26365)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060509 # MHG Security Team --- OzzyWork Gallery Upload Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=114723238307299&w=2" + }, + { + "name": "25427", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25427" + }, + { + "name": "ADV-2006-1768", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1768" + }, + { + "name": "ozzyworkgaleri-add-file-upload(26365)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26365" + }, + { + "name": "20049", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20049" + }, + { + "name": "17946", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17946" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2426.json b/2010/2xxx/CVE-2010-2426.json index f3abb2cd5c3..564d727a8c7 100644 --- a/2010/2xxx/CVE-2010-2426.json +++ b/2010/2xxx/CVE-2010-2426.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via \"..//\" sequences in the xcrc command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100615 TitanFTP Server Arbitrary File Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511839/100/0/threaded" - }, - { - "name" : "40949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40949" - }, - { - "name" : "65533", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65533" - }, - { - "name" : "40237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40237" - }, - { - "name" : "tfs-xcrc-dir-traversal(59492)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via \"..//\" sequences in the xcrc command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65533", + "refsource": "OSVDB", + "url": "http://osvdb.org/65533" + }, + { + "name": "40237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40237" + }, + { + "name": "20100615 TitanFTP Server Arbitrary File Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511839/100/0/threaded" + }, + { + "name": "40949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40949" + }, + { + "name": "tfs-xcrc-dir-traversal(59492)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59492" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0185.json b/2011/0xxx/CVE-2011-0185.json index 65f276f836e..9f69ab6ebcc 100644 --- a/2011/0xxx/CVE-2011-0185.json +++ b/2011/0xxx/CVE-2011-0185.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "50092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50092" - }, - { - "name" : "50085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50092" + }, + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "50085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50085" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0476.json b/2011/0xxx/CVE-2011-0476.json index 9f6474714f3..ba4a9717fa0 100644 --- a/2011/0xxx/CVE-2011-0476.json +++ b/2011/0xxx/CVE-2011-0476.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=67208", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=67208" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html" - }, - { - "name" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054", - "refsource" : "CONFIRM", - "url" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054" - }, - { - "name" : "45788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45788" - }, - { - "name" : "70459", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70459" - }, - { - "name" : "oval:org.mitre.oval:def:14102", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14102" - }, - { - "name" : "42951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42951" - }, - { - "name" : "chrome-pdf-files-ce(64667)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "chrome-pdf-files-ce(64667)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64667" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=67208", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=67208" + }, + { + "name": "45788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45788" + }, + { + "name": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054", + "refsource": "CONFIRM", + "url": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054" + }, + { + "name": "oval:org.mitre.oval:def:14102", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14102" + }, + { + "name": "70459", + "refsource": "OSVDB", + "url": "http://osvdb.org/70459" + }, + { + "name": "42951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42951" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0576.json b/2011/0xxx/CVE-2011-0576.json index 6a74c668992..b1188ff2dd4 100644 --- a/2011/0xxx/CVE-2011-0576.json +++ b/2011/0xxx/CVE-2011-0576.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0576", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-0576", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0963.json b/2011/0xxx/CVE-2011-0963.json index b15e79aba18..9d58dfb5e32 100644 --- a/2011/0xxx/CVE-2011-0963.json +++ b/2011/0xxx/CVE-2011-0963.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of the RADIUS authentication feature on the Cisco Network Admission Control (NAC) Guest Server with software before 2.0.3 allows remote attackers to bypass intended access restrictions and obtain network connectivity via unspecified vectors, aka Bug ID CSCtj66922." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110330 Cisco Network Admission Control Guest Server System Software Authentication Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74114.shtml" - }, - { - "name" : "1025272", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of the RADIUS authentication feature on the Cisco Network Admission Control (NAC) Guest Server with software before 2.0.3 allows remote attackers to bypass intended access restrictions and obtain network connectivity via unspecified vectors, aka Bug ID CSCtj66922." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025272", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025272" + }, + { + "name": "20110330 Cisco Network Admission Control Guest Server System Software Authentication Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74114.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1344.json b/2011/1xxx/CVE-2011-1344.json index e02c135cd79..9b3f8bf9747 100644 --- a/2011/1xxx/CVE-2011-1344.json +++ b/2011/1xxx/CVE-2011-1344.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110414 ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517505/100/0/threaded" - }, - { - "name" : "20110415 VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517517/100/0/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011" - }, - { - "name" : "http://twitter.com/aaronportnoy/statuses/45632544967901187", - "refsource" : "MISC", - "url" : "http://twitter.com/aaronportnoy/statuses/45632544967901187" - }, - { - "name" : "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own", - "refsource" : "MISC", - "url" : "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own" - }, - { - "name" : "http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358", - "refsource" : "MISC", - "url" : "http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-135", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-135" - }, - { - "name" : "http://support.apple.com/kb/HT4596", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4596" - }, - { - "name" : "http://support.apple.com/kb/HT4607", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4607" - }, - { - "name" : "APPLE-SA-2011-04-14-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-04-14-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html" - }, - { - "name" : "APPLE-SA-2011-04-14-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html" - }, - { - "name" : "46822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46822" - }, - { - "name" : "1025363", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025363" - }, - { - "name" : "44151", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44151" - }, - { - "name" : "44154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44154" - }, - { - "name" : "ADV-2011-0984", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0984" - }, - { - "name" : "safari-webkit-unspec-code-exec(66061)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44151", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44151" + }, + { + "name": "20110415 VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517517/100/0/threaded" + }, + { + "name": "http://twitter.com/aaronportnoy/statuses/45632544967901187", + "refsource": "MISC", + "url": "http://twitter.com/aaronportnoy/statuses/45632544967901187" + }, + { + "name": "46822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46822" + }, + { + "name": "http://support.apple.com/kb/HT4596", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4596" + }, + { + "name": "APPLE-SA-2011-04-14-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html" + }, + { + "name": "1025363", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025363" + }, + { + "name": "APPLE-SA-2011-04-14-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-135", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-135" + }, + { + "name": "ADV-2011-0984", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0984" + }, + { + "name": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011" + }, + { + "name": "20110414 ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517505/100/0/threaded" + }, + { + "name": "http://support.apple.com/kb/HT4607", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4607" + }, + { + "name": "safari-webkit-unspec-code-exec(66061)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66061" + }, + { + "name": "http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358", + "refsource": "MISC", + "url": "http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358" + }, + { + "name": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own", + "refsource": "MISC", + "url": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own" + }, + { + "name": "APPLE-SA-2011-04-14-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html" + }, + { + "name": "44154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44154" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1706.json b/2011/1xxx/CVE-2011-1706.json index b9b0cedfd1a..c2f8e67176c 100644 --- a/2011/1xxx/CVE-2011-1706.json +++ b/2011/1xxx/CVE-2011-1706.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110606 ZDI-11-179: Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518273/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-179/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-179/" - }, - { - "name" : "http://download.novell.com/Download?buildid=6_bNby38ERg~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=6_bNby38ERg~" - }, - { - "name" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008730", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008730" - }, - { - "name" : "48124", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48124" - }, - { - "name" : "1025606", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025606" - }, - { - "name" : "44811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44811" - }, - { - "name" : "novell-iprint-iprintclientconfiginfo-bo(67881)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025606", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025606" + }, + { + "name": "novell-iprint-iprintclientconfiginfo-bo(67881)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67881" + }, + { + "name": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008730", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008730" + }, + { + "name": "http://download.novell.com/Download?buildid=6_bNby38ERg~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=6_bNby38ERg~" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-179/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-179/" + }, + { + "name": "20110606 ZDI-11-179: Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518273/100/0/threaded" + }, + { + "name": "44811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44811" + }, + { + "name": "48124", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48124" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1723.json b/2011/1xxx/CVE-2011-1723.json index 5d36c0c9fca..e7103e6ed81 100644 --- a/2011/1xxx/CVE-2011-1723.json +++ b/2011/1xxx/CVE-2011-1723.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110406 XSS Vulnerability in Redmine 1.0.1 to 1.1.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517355/100/0/threaded" - }, - { - "name" : "http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/", - "refsource" : "MISC", - "url" : "http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/" - }, - { - "name" : "http://www.redmine.org/news/53", - "refsource" : "CONFIRM", - "url" : "http://www.redmine.org/news/53" - }, - { - "name" : "47193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47193" - }, - { - "name" : "71564", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71564" - }, - { - "name" : "43999", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43999" - }, - { - "name" : "8211", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8211" - }, - { - "name" : "ADV-2011-0895", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0895" - }, - { - "name" : "redmine-base-xss(66612)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47193" + }, + { + "name": "43999", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43999" + }, + { + "name": "20110406 XSS Vulnerability in Redmine 1.0.1 to 1.1.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517355/100/0/threaded" + }, + { + "name": "ADV-2011-0895", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0895" + }, + { + "name": "8211", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8211" + }, + { + "name": "71564", + "refsource": "OSVDB", + "url": "http://osvdb.org/71564" + }, + { + "name": "http://www.redmine.org/news/53", + "refsource": "CONFIRM", + "url": "http://www.redmine.org/news/53" + }, + { + "name": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/", + "refsource": "MISC", + "url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Redmine/" + }, + { + "name": "redmine-base-xss(66612)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66612" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4124.json b/2011/4xxx/CVE-2011-4124.json index ac769117a78..150b16bb877 100644 --- a/2011/4xxx/CVE-2011-4124.json +++ b/2011/4xxx/CVE-2011-4124.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4124", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4124", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4238.json b/2011/4xxx/CVE-2011-4238.json index 68fa17430fe..58d1bb71b4a 100644 --- a/2011/4xxx/CVE-2011-4238.json +++ b/2011/4xxx/CVE-2011-4238.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4238", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4238", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4288.json b/2011/4xxx/CVE-2011-4288.json index 97e8f875794..76bff2dea4c 100644 --- a/2011/4xxx/CVE-2011-4288.json +++ b/2011/4xxx/CVE-2011-4288.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/11/14/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=79c6e3a0968ee1fedcf8a1f14f8086fcd9dbd3f6", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=79c6e3a0968ee1fedcf8a1f14f8086fcd9dbd3f6" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=175590", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=175590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/11/14/1" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=79c6e3a0968ee1fedcf8a1f14f8086fcd9dbd3f6", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=79c6e3a0968ee1fedcf8a1f14f8086fcd9dbd3f6" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=175590", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=175590" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4661.json b/2011/4xxx/CVE-2011-4661.json index 4ef61e6f596..720fac598a7 100644 --- a/2011/4xxx/CVE-2011-4661.json +++ b/2011/4xxx/CVE-2011-4661.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4661", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4661", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2098.json b/2014/2xxx/CVE-2014-2098.json index d285c72e565..651fb4caa1d 100644 --- a/2014/2xxx/CVE-2014-2098.json +++ b/2014/2xxx/CVE-2014-2098.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3" - }, - { - "name" : "GLSA-201603-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3" + }, + { + "name": "GLSA-201603-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-06" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2111.json b/2014/2xxx/CVE-2014-2111.json index a6c29ec99ad..4b86fda8b89 100644 --- a/2014/2xxx/CVE-2014-2111.json +++ b/2014/2xxx/CVE-2014-2111.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140326 Cisco IOS Software Network Address Translation Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-nat" - }, - { - "name" : "66470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140326 Cisco IOS Software Network Address Translation Vulnerabilities", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-nat" + }, + { + "name": "66470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66470" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2386.json b/2014/2xxx/CVE-2014-2386.json index 1feacf2e8bb..775a8b4838a 100644 --- a/2014/2xxx/CVE-2014-2386.json +++ b/2014/2xxx/CVE-2014-2386.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140313 CVE request for icinga 1 byte \\0 overflows", - "refsource" : "MLIST", - "url" : "http://comments.gmane.org/gmane.comp.security.oss.general/12355" - }, - { - "name" : "https://dev.icinga.org/issues/5663", - "refsource" : "CONFIRM", - "url" : "https://dev.icinga.org/issues/5663" - }, - { - "name" : "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d", - "refsource" : "CONFIRM", - "url" : "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d" - }, - { - "name" : "openSUSE-SU-2014:0420", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140313 CVE request for icinga 1 byte \\0 overflows", + "refsource": "MLIST", + "url": "http://comments.gmane.org/gmane.comp.security.oss.general/12355" + }, + { + "name": "openSUSE-SU-2014:0420", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html" + }, + { + "name": "https://dev.icinga.org/issues/5663", + "refsource": "CONFIRM", + "url": "https://dev.icinga.org/issues/5663" + }, + { + "name": "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d", + "refsource": "CONFIRM", + "url": "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2628.json b/2014/2xxx/CVE-2014-2628.json index ae7402a348a..6f94300b937 100644 --- a/2014/2xxx/CVE-2014-2628.json +++ b/2014/2xxx/CVE-2014-2628.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Enterprise Maps 1 allows remote authenticated users to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-2628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU03081", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04390793" - }, - { - "name" : "SSRT101627", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04390793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Enterprise Maps 1 allows remote authenticated users to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101627", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04390793" + }, + { + "name": "HPSBMU03081", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04390793" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3368.json b/2014/3xxx/CVE-2014-3368.json index 9b030c6be15..dc4be8e950a 100644 --- a/2014/3xxx/CVE-2014-3368.json +++ b/2014/3xxx/CVE-2014-3368.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug ID CSCui06507." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35827", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35827" - }, - { - "name" : "20141015 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs" - }, - { - "name" : "1031055", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031055" - }, - { - "name" : "60850", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug ID CSCui06507." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60850", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60850" + }, + { + "name": "1031055", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031055" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35827", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35827" + }, + { + "name": "20141015 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3746.json b/2014/3xxx/CVE-2014-3746.json index 29e5ca0eaa6..c1ab7d04a56 100644 --- a/2014/3xxx/CVE-2014-3746.json +++ b/2014/3xxx/CVE-2014-3746.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3746", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3746", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3864.json b/2014/3xxx/CVE-2014-3864.json index ba44f6a97df..4b6061cb1ee 100644 --- a/2014/3xxx/CVE-2014-3864.json +++ b/2014/3xxx/CVE-2014-3864.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140525 CVE request: another path traversal in dpkg-source during unpack", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/05/25/2" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746498", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746498" - }, - { - "name" : "DSA-2953", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2953" - }, - { - "name" : "USN-2242-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2242-1" - }, - { - "name" : "67725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2242-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2242-1" + }, + { + "name": "DSA-2953", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2953" + }, + { + "name": "[oss-security] 20140525 CVE request: another path traversal in dpkg-source during unpack", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/05/25/2" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746498", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746498" + }, + { + "name": "67725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67725" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3902.json b/2014/3xxx/CVE-2014-3902.json index 05cb6de55b4..9dd5f96dd63 100644 --- a/2014/3xxx/CVE-2014-3902.json +++ b/2014/3xxx/CVE-2014-3902.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-3902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://play.google.com/store/apps/details?id=jp.ameba", - "refsource" : "CONFIRM", - "url" : "https://play.google.com/store/apps/details?id=jp.ameba" - }, - { - "name" : "https://www.cyberagent.co.jp/info/detail/id=9185", - "refsource" : "CONFIRM", - "url" : "https://www.cyberagent.co.jp/info/detail/id=9185" - }, - { - "name" : "JVN#27702217", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN27702217/index.html" - }, - { - "name" : "JVNDB-2014-000098", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#27702217", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN27702217/index.html" + }, + { + "name": "JVNDB-2014-000098", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000098" + }, + { + "name": "https://www.cyberagent.co.jp/info/detail/id=9185", + "refsource": "CONFIRM", + "url": "https://www.cyberagent.co.jp/info/detail/id=9185" + }, + { + "name": "https://play.google.com/store/apps/details?id=jp.ameba", + "refsource": "CONFIRM", + "url": "https://play.google.com/store/apps/details?id=jp.ameba" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6193.json b/2014/6xxx/CVE-2014-6193.json index 896a796b36e..f8e0baa3a88 100644 --- a/2014/6xxx/CVE-2014-6193.json +++ b/2014/6xxx/CVE-2014-6193.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692107", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692107" - }, - { - "name" : "PI28699", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI28699" - }, - { - "name" : "ibm-wsportal-cve20146193-xml-injection(98567)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PI28699", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI28699" + }, + { + "name": "ibm-wsportal-cve20146193-xml-injection(98567)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98567" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6317.json b/2014/6xxx/CVE-2014-6317.json index b766977ab6a..12dee533a0e 100644 --- a/2014/6xxx/CVE-2014-6317.json +++ b/2014/6xxx/CVE-2014-6317.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font, aka \"Denial of Service in Windows Kernel Mode Driver Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-6317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx" - }, - { - "name" : "MS14-079", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-079" - }, - { - "name" : "70949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font, aka \"Denial of Service in Windows Kernel Mode Driver Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70949" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx" + }, + { + "name": "MS14-079", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-079" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6503.json b/2014/6xxx/CVE-2014-6503.json index dbdaf0f0585..098d36639a7 100644 --- a/2014/6xxx/CVE-2014-6503.json +++ b/2014/6xxx/CVE-2014-6503.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688283", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688283" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03218", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141775382904016&w=2" - }, - { - "name" : "SSRT101770", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141775382904016&w=2" - }, - { - "name" : "RHSA-2014:1657", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1657.html" - }, - { - "name" : "RHSA-2014:1658", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1658.html" - }, - { - "name" : "RHSA-2014:1876", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1876.html" - }, - { - "name" : "RHSA-2014:1877", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1877.html" - }, - { - "name" : "RHSA-2014:1880", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1880.html" - }, - { - "name" : "RHSA-2014:1882", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1882.html" - }, - { - "name" : "RHSA-2015:0264", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html" - }, - { - "name" : "SUSE-SU-2014:1526", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html" - }, - { - "name" : "SUSE-SU-2014:1549", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html" - }, - { - "name" : "SUSE-SU-2015:0344", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" - }, - { - "name" : "SUSE-SU-2015:0345", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html" - }, - { - "name" : "SUSE-SU-2015:0392", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" - }, - { - "name" : "70518", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70518" - }, - { - "name" : "61163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61163" - }, - { - "name" : "61164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61164" - }, - { - "name" : "61609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1880", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html" + }, + { + "name": "RHSA-2014:1657", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1657.html" + }, + { + "name": "RHSA-2014:1877", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html" + }, + { + "name": "61609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61609" + }, + { + "name": "61163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61163" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283" + }, + { + "name": "HPSBUX03218", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141775382904016&w=2" + }, + { + "name": "SUSE-SU-2014:1549", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html" + }, + { + "name": "RHSA-2014:1876", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html" + }, + { + "name": "RHSA-2015:0264", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html" + }, + { + "name": "SUSE-SU-2015:0392", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" + }, + { + "name": "SUSE-SU-2014:1526", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html" + }, + { + "name": "SUSE-SU-2015:0345", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html" + }, + { + "name": "RHSA-2014:1882", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html" + }, + { + "name": "70518", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70518" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "RHSA-2014:1658", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1658.html" + }, + { + "name": "61164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61164" + }, + { + "name": "SSRT101770", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141775382904016&w=2" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + }, + { + "name": "SUSE-SU-2015:0344", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6685.json b/2014/6xxx/CVE-2014-6685.json index 39d7db0b6ee..62b84ed357a 100644 --- a/2014/6xxx/CVE-2014-6685.json +++ b/2014/6xxx/CVE-2014-6685.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Tsushima Travel Guide (aka com.netjapan.ntsushima) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#814201", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/814201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Tsushima Travel Guide (aka com.netjapan.ntsushima) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#814201", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/814201" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6766.json b/2014/6xxx/CVE-2014-6766.json index 2f1333c3285..5d4bed27e46 100644 --- a/2014/6xxx/CVE-2014-6766.json +++ b/2014/6xxx/CVE-2014-6766.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Afro-Beat (aka com.zero.themelock.tambourine) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#750049", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/750049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Afro-Beat (aka com.zero.themelock.tambourine) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#750049", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/750049" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6887.json b/2014/6xxx/CVE-2014-6887.json index e7b9c297d8e..1eb64fcf68c 100644 --- a/2014/6xxx/CVE-2014-6887.json +++ b/2014/6xxx/CVE-2014-6887.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#898329", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/898329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#898329", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/898329" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7369.json b/2014/7xxx/CVE-2014-7369.json index b651a74e2cd..14f773ade71 100644 --- a/2014/7xxx/CVE-2014-7369.json +++ b/2014/7xxx/CVE-2014-7369.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Il Brillo Parlante (aka com.wIlBrilloParlante) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#710273", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/710273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Il Brillo Parlante (aka com.wIlBrilloParlante) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#710273", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/710273" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7587.json b/2014/7xxx/CVE-2014-7587.json index 21d21a41d75..d6e14908e83 100644 --- a/2014/7xxx/CVE-2014-7587.json +++ b/2014/7xxx/CVE-2014-7587.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Blocked in Free (aka com.blueup.blocked) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#846233", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/846233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Blocked in Free (aka com.blueup.blocked) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#846233", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/846233" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7734.json b/2014/7xxx/CVE-2014-7734.json index b4dccebcc08..5aa96fbeb08 100644 --- a/2014/7xxx/CVE-2014-7734.json +++ b/2014/7xxx/CVE-2014-7734.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#736233", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/736233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#736233", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/736233" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7956.json b/2014/7xxx/CVE-2014-7956.json index 5a60d2b9a3c..c708b1dc2b6 100644 --- a/2014/7xxx/CVE-2014-7956.json +++ b/2014/7xxx/CVE-2014-7956.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150110 Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534437/100/0/threaded" - }, - { - "name" : "20150112 Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jan/26" - }, - { - "name" : "http://packetstormsecurity.com/files/129890/WordPress-Pods-2.4.3-CSRF-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129890/WordPress-Pods-2.4.3-CSRF-Cross-Site-Scripting.html" - }, - { - "name" : "71995", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20150112 Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jan/26" + }, + { + "name": "71995", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71995" + }, + { + "name": "http://packetstormsecurity.com/files/129890/WordPress-Pods-2.4.3-CSRF-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129890/WordPress-Pods-2.4.3-CSRF-Cross-Site-Scripting.html" + }, + { + "name": "20150110 Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534437/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2060.json b/2016/2xxx/CVE-2016-2060.json index c0c05ae73be..3bc63c80636 100644 --- a/2016/2xxx/CVE-2016-2060.json +++ b/2016/2xxx/CVE-2016-2060.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-05-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-05-01.html" - }, - { - "name" : "https://www.codeaurora.org/improper-input-validation-tethering-controller-netd-cve-2016-2060-0", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/improper-input-validation-tethering-controller-netd-cve-2016-2060-0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-05-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-05-01.html" + }, + { + "name": "https://www.codeaurora.org/improper-input-validation-tethering-controller-netd-cve-2016-2060-0", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/improper-input-validation-tethering-controller-netd-cve-2016-2060-0" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2266.json b/2016/2xxx/CVE-2016-2266.json index 9111ab0d537..2ed0126ce88 100644 --- a/2016/2xxx/CVE-2016-2266.json +++ b/2016/2xxx/CVE-2016-2266.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2266", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2266", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0078.json b/2017/0xxx/CVE-2017-0078.json index 3d2f51d8a0f..a34405aa4e7 100644 --- a/2017/0xxx/CVE-2017-0078.json +++ b/2017/0xxx/CVE-2017-0078.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Win32k", - "version" : { - "version_data" : [ - { - "version_value" : "The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Win32k", + "version": { + "version_data": [ + { + "version_value": "The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0078", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0078" - }, - { - "name" : "96631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96631" - }, - { - "name" : "1038017", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\" This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0078", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0078" + }, + { + "name": "1038017", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038017" + }, + { + "name": "96631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96631" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0156.json b/2017/0xxx/CVE-2017-0156.json index 5d965793006..92755207f73 100644 --- a/2017/0xxx/CVE-2017-0156.json +++ b/2017/0xxx/CVE-2017-0156.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Graphics Component", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory, aka \"Windows Graphics Component Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Graphics Component", + "version": { + "version_data": [ + { + "version_value": "Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0156", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0156" - }, - { - "name" : "97507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97507" - }, - { - "name" : "1038237", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038237" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory, aka \"Windows Graphics Component Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038237", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038237" + }, + { + "name": "97507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97507" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0156", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0156" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0589.json b/2017/0xxx/CVE-2017-0589.json index 9ebb8146d4b..289dde6567c 100644 --- a/2017/0xxx/CVE-2017-0589.json +++ b/2017/0xxx/CVE-2017-0589.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/external/libhevc/+/bcfc7124f6ef9f1ec128fb2e90de774a5b33d199", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/libhevc/+/bcfc7124f6ef9f1ec128fb2e90de774a5b33d199" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98122", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/external/libhevc/+/bcfc7124f6ef9f1ec128fb2e90de774a5b33d199", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/libhevc/+/bcfc7124f6ef9f1ec128fb2e90de774a5b33d199" + }, + { + "name": "98122", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98122" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18057.json b/2017/18xxx/CVE-2017-18057.json index eb6e272e268..ce86542242b 100644 --- a/2017/18xxx/CVE-2017-18057.json +++ b/2017/18xxx/CVE-2017-18057.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-03-05T00:00:00", - "ID" : "CVE-2017-18057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-03-05T00:00:00", + "ID": "CVE-2017-18057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=24d41d2bd3d98325b3800345f4ba27a334b3894b", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=24d41d2bd3d98325b3800345f4ba27a334b3894b" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=24d41d2bd3d98325b3800345f4ba27a334b3894b", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=24d41d2bd3d98325b3800345f4ba27a334b3894b" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1074.json b/2017/1xxx/CVE-2017-1074.json index 5ef373869dd..6211b85d78a 100644 --- a/2017/1xxx/CVE-2017-1074.json +++ b/2017/1xxx/CVE-2017-1074.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1074", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1074", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1433.json b/2017/1xxx/CVE-2017-1433.json index 96b419362e8..720381ca97f 100644 --- a/2017/1xxx/CVE-2017-1433.json +++ b/2017/1xxx/CVE-2017-1433.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-12-06T00:00:00", - "ID" : "CVE-2017-1433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MQ", - "version" : { - "version_data" : [ - { - "version_value" : "7.5" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "9.0" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "8.0.0.1" - }, - { - "version_value" : "8.0.0.2" - }, - { - "version_value" : "8.0.0.3" - }, - { - "version_value" : "8.0.0.4" - }, - { - "version_value" : "8.0.0.5" - }, - { - "version_value" : "8.0.0.6" - }, - { - "version_value" : "8.0.0.7" - }, - { - "version_value" : "7.5.0.1" - }, - { - "version_value" : "7.5.0.2" - }, - { - "version_value" : "7.5.0.3" - }, - { - "version_value" : "7.5.0.4" - }, - { - "version_value" : "7.5.0.5" - }, - { - "version_value" : "7.5.0.6" - }, - { - "version_value" : "7.5.0.7" - }, - { - "version_value" : "7.5.0.8" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-12-06T00:00:00", + "ID": "CVE-2017-1433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MQ", + "version": { + "version_data": [ + { + "version_value": "7.5" + }, + { + "version_value": "8.0" + }, + { + "version_value": "9.0" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "8.0.0.1" + }, + { + "version_value": "8.0.0.2" + }, + { + "version_value": "8.0.0.3" + }, + { + "version_value": "8.0.0.4" + }, + { + "version_value": "8.0.0.5" + }, + { + "version_value": "8.0.0.6" + }, + { + "version_value": "8.0.0.7" + }, + { + "version_value": "7.5.0.1" + }, + { + "version_value": "7.5.0.2" + }, + { + "version_value": "7.5.0.3" + }, + { + "version_value": "7.5.0.4" + }, + { + "version_value": "7.5.0.5" + }, + { + "version_value": "7.5.0.6" + }, + { + "version_value": "7.5.0.7" + }, + { + "version_value": "7.5.0.8" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22005525", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22005525" - }, - { - "name" : "102163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127803" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22005525", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22005525" + }, + { + "name": "102163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102163" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1446.json b/2017/1xxx/CVE-2017-1446.json index 7dc569da646..9d6e2f99c02 100644 --- a/2017/1xxx/CVE-2017-1446.json +++ b/2017/1xxx/CVE-2017-1446.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-28T00:00:00", - "ID" : "CVE-2017-1446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Emptoris Spend Analysis", - "version" : { - "version_data" : [ - { - "version_value" : "9.5.0.0" - }, - { - "version_value" : "10.0.0" - }, - { - "version_value" : "10.0.1" - }, - { - "version_value" : "10.0.2" - }, - { - "version_value" : "10.0.4" - }, - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128171." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-28T00:00:00", + "ID": "CVE-2017-1446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Emptoris Spend Analysis", + "version": { + "version_data": [ + { + "version_value": "9.5.0.0" + }, + { + "version_value": "10.0.0" + }, + { + "version_value": "10.0.1" + }, + { + "version_value": "10.0.2" + }, + { + "version_value": "10.0.4" + }, + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128171", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128171" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005787", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22005787" - }, - { - "name" : "99541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128171." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99541" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128171", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128171" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1904.json b/2017/1xxx/CVE-2017-1904.json index 12edc15c283..e3e922f3d49 100644 --- a/2017/1xxx/CVE-2017-1904.json +++ b/2017/1xxx/CVE-2017-1904.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1904", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1904", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5101.json b/2017/5xxx/CVE-2017-5101.json index 7f533e59eea..d2f588deb30 100644 --- a/2017/5xxx/CVE-2017-5101.json +++ b/2017/5xxx/CVE-2017-5101.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/681740", - "refsource" : "MISC", - "url" : "https://crbug.com/681740" - }, - { - "name" : "DSA-3926", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3926" - }, - { - "name" : "GLSA-201709-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-15" - }, - { - "name" : "RHSA-2017:1833", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1833" - }, - { - "name" : "99950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/681740", + "refsource": "MISC", + "url": "https://crbug.com/681740" + }, + { + "name": "GLSA-201709-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-15" + }, + { + "name": "DSA-3926", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3926" + }, + { + "name": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" + }, + { + "name": "99950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99950" + }, + { + "name": "RHSA-2017:1833", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1833" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5103.json b/2017/5xxx/CVE-2017-5103.json index 64731d344e9..113722b052d 100644 --- a/2017/5xxx/CVE-2017-5103.json +++ b/2017/5xxx/CVE-2017-5103.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Uninitialized Use" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/726199", - "refsource" : "MISC", - "url" : "https://crbug.com/726199" - }, - { - "name" : "DSA-3926", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3926" - }, - { - "name" : "GLSA-201709-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-15" - }, - { - "name" : "RHSA-2017:1833", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1833" - }, - { - "name" : "99950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uninitialized Use" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/726199", + "refsource": "MISC", + "url": "https://crbug.com/726199" + }, + { + "name": "GLSA-201709-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-15" + }, + { + "name": "DSA-3926", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3926" + }, + { + "name": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" + }, + { + "name": "99950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99950" + }, + { + "name": "RHSA-2017:1833", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1833" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5116.json b/2017/5xxx/CVE-2017-5116.json index 0b073767623..6dcd972d97c 100644 --- a/2017/5xxx/CVE-2017-5116.json +++ b/2017/5xxx/CVE-2017-5116.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Type confusion" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://security.googleblog.com/2018/01/android-security-ecosystem-investments.html", - "refsource" : "MISC", - "url" : "https://security.googleblog.com/2018/01/android-security-ecosystem-investments.html" - }, - { - "name" : "https://crbug.com/759624", - "refsource" : "MISC", - "url" : "https://crbug.com/759624" - }, - { - "name" : "DSA-3985", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3985" - }, - { - "name" : "GLSA-201709-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-15" - }, - { - "name" : "RHSA-2017:2676", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2676" - }, - { - "name" : "100610", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100610" - }, - { - "name" : "1039291", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-15" + }, + { + "name": "RHSA-2017:2676", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2676" + }, + { + "name": "1039291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039291" + }, + { + "name": "100610", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100610" + }, + { + "name": "DSA-3985", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3985" + }, + { + "name": "https://security.googleblog.com/2018/01/android-security-ecosystem-investments.html", + "refsource": "MISC", + "url": "https://security.googleblog.com/2018/01/android-security-ecosystem-investments.html" + }, + { + "name": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html" + }, + { + "name": "https://crbug.com/759624", + "refsource": "MISC", + "url": "https://crbug.com/759624" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5537.json b/2017/5xxx/CVE-2017-5537.json index 61309c23019..fd1a3b7ad25 100644 --- a/2017/5xxx/CVE-2017-5537.json +++ b/2017/5xxx/CVE-2017-5537.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170118 CVE request Weblate: information disclosure in password reset form", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/18/11" - }, - { - "name" : "[oss-security] 20170119 Re: CVE request Weblate: information disclosure in password reset form", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/20/1" - }, - { - "name" : "https://github.com/WeblateOrg/weblate/blob/weblate-2.10.1/docs/changes.rst", - "refsource" : "CONFIRM", - "url" : "https://github.com/WeblateOrg/weblate/blob/weblate-2.10.1/docs/changes.rst" - }, - { - "name" : "https://github.com/WeblateOrg/weblate/commit/abe0d2a29a1d8e896bfe829c8461bf8b391f1079", - "refsource" : "CONFIRM", - "url" : "https://github.com/WeblateOrg/weblate/commit/abe0d2a29a1d8e896bfe829c8461bf8b391f1079" - }, - { - "name" : "https://github.com/WeblateOrg/weblate/issues/1317", - "refsource" : "CONFIRM", - "url" : "https://github.com/WeblateOrg/weblate/issues/1317" - }, - { - "name" : "95676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/WeblateOrg/weblate/commit/abe0d2a29a1d8e896bfe829c8461bf8b391f1079", + "refsource": "CONFIRM", + "url": "https://github.com/WeblateOrg/weblate/commit/abe0d2a29a1d8e896bfe829c8461bf8b391f1079" + }, + { + "name": "[oss-security] 20170118 CVE request Weblate: information disclosure in password reset form", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/18/11" + }, + { + "name": "https://github.com/WeblateOrg/weblate/issues/1317", + "refsource": "CONFIRM", + "url": "https://github.com/WeblateOrg/weblate/issues/1317" + }, + { + "name": "[oss-security] 20170119 Re: CVE request Weblate: information disclosure in password reset form", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/20/1" + }, + { + "name": "95676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95676" + }, + { + "name": "https://github.com/WeblateOrg/weblate/blob/weblate-2.10.1/docs/changes.rst", + "refsource": "CONFIRM", + "url": "https://github.com/WeblateOrg/weblate/blob/weblate-2.10.1/docs/changes.rst" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5548.json b/2017/5xxx/CVE-2017-5548.json index 046ecbb4d64..076e98102e6 100644 --- a/2017/5xxx/CVE-2017-5548.json +++ b/2017/5xxx/CVE-2017-5548.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170120 Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/21/3" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1416110", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1416110" - }, - { - "name" : "https://github.com/torvalds/linux/commit/05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655" - }, - { - "name" : "95710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170120 Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/21/3" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6" + }, + { + "name": "95710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95710" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1416110", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1416110" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655" + }, + { + "name": "https://github.com/torvalds/linux/commit/05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5795.json b/2017/5xxx/CVE-2017-5795.json index 70e6be6be21..5731f3577dc 100644 --- a/2017/5xxx/CVE-2017-5795.json +++ b/2017/5xxx/CVE-2017-5795.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-03-08T00:00:00", - "ID" : "CVE-2017-5795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (IMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "PLAT 7.2 E0403P06" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Local Arbitrary File Download" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-03-08T00:00:00", + "ID": "CVE-2017-5795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (IMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "PLAT 7.2 E0403P06" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03714en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03714en_us" - }, - { - "name" : "96773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Local Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) version PLAT 7.2 E0403P06 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local Arbitrary File Download" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03714en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03714en_us" + }, + { + "name": "96773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96773" + } + ] + } +} \ No newline at end of file