From 4779886b8748b89c82a4c7f7bd10452614c9c27c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:42:20 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0285.json | 200 +++++++++--------- 2006/0xxx/CVE-2006-0377.json | 310 +++++++++++++-------------- 2006/0xxx/CVE-2006-0687.json | 180 ++++++++-------- 2006/3xxx/CVE-2006-3001.json | 160 +++++++------- 2006/3xxx/CVE-2006-3132.json | 180 ++++++++-------- 2006/3xxx/CVE-2006-3199.json | 200 +++++++++--------- 2006/3xxx/CVE-2006-3720.json | 230 ++++++++++---------- 2006/3xxx/CVE-2006-3840.json | 220 +++++++++---------- 2006/4xxx/CVE-2006-4365.json | 190 ++++++++--------- 2006/4xxx/CVE-2006-4706.json | 170 +++++++-------- 2006/4xxx/CVE-2006-4978.json | 190 ++++++++--------- 2006/7xxx/CVE-2006-7063.json | 140 ++++++------ 2010/2xxx/CVE-2010-2151.json | 160 +++++++------- 2010/2xxx/CVE-2010-2163.json | 400 +++++++++++++++++------------------ 2010/2xxx/CVE-2010-2467.json | 160 +++++++------- 2010/2xxx/CVE-2010-2634.json | 120 +++++------ 2010/2xxx/CVE-2010-2850.json | 190 ++++++++--------- 2010/3xxx/CVE-2010-3379.json | 34 +-- 2010/3xxx/CVE-2010-3773.json | 280 ++++++++++++------------ 2010/3xxx/CVE-2010-3934.json | 140 ++++++------ 2011/0xxx/CVE-2011-0266.json | 190 ++++++++--------- 2011/0xxx/CVE-2011-0413.json | 320 ++++++++++++++-------------- 2011/1xxx/CVE-2011-1164.json | 140 ++++++------ 2011/1xxx/CVE-2011-1186.json | 170 +++++++-------- 2011/1xxx/CVE-2011-1317.json | 130 ++++++------ 2011/1xxx/CVE-2011-1665.json | 140 ++++++------ 2011/4xxx/CVE-2011-4484.json | 34 +-- 2011/5xxx/CVE-2011-5031.json | 160 +++++++------- 2014/3xxx/CVE-2014-3061.json | 140 ++++++------ 2014/3xxx/CVE-2014-3219.json | 190 ++++++++--------- 2014/3xxx/CVE-2014-3357.json | 160 +++++++------- 2014/3xxx/CVE-2014-3884.json | 130 ++++++------ 2014/6xxx/CVE-2014-6012.json | 140 ++++++------ 2014/6xxx/CVE-2014-6099.json | 150 ++++++------- 2014/6xxx/CVE-2014-6768.json | 140 ++++++------ 2014/7xxx/CVE-2014-7480.json | 34 +-- 2014/7xxx/CVE-2014-7523.json | 140 ++++++------ 2014/8xxx/CVE-2014-8188.json | 34 +-- 2014/8xxx/CVE-2014-8435.json | 34 +-- 2014/8xxx/CVE-2014-8838.json | 150 ++++++------- 2016/2xxx/CVE-2016-2127.json | 34 +-- 2016/2xxx/CVE-2016-2157.json | 150 ++++++------- 2016/2xxx/CVE-2016-2459.json | 130 ++++++------ 2016/2xxx/CVE-2016-2620.json | 34 +-- 2016/2xxx/CVE-2016-2631.json | 34 +-- 2016/6xxx/CVE-2016-6452.json | 130 ++++++------ 2017/1xxx/CVE-2017-1532.json | 388 ++++++++++++++++----------------- 2017/5xxx/CVE-2017-5268.json | 34 +-- 2017/5xxx/CVE-2017-5313.json | 34 +-- 2017/5xxx/CVE-2017-5404.json | 314 +++++++++++++-------------- 2017/5xxx/CVE-2017-5765.json | 34 +-- 51 files changed, 3948 insertions(+), 3948 deletions(-) diff --git a/2006/0xxx/CVE-2006-0285.json b/2006/0xxx/CVE-2006-0285.json index 9bd0ef88ab1..d2dacc2eaf3 100644 --- a/2006/0xxx/CVE-2006-0285.json +++ b/2006/0xxx/CVE-2006-0285.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Net component of Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.4, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# JN01." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "VU#545804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545804" - }, - { - "name" : "16287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16287" - }, - { - "name" : "ADV-2006-0243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0243" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - "name" : "1015499", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015499" - }, - { - "name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Net component of Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.4, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# JN01." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "16287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16287" + }, + { + "name": "VU#545804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545804" + }, + { + "name": "1015499", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015499" + }, + { + "name": "ADV-2006-0243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0243" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18608" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0377.json b/2006/0xxx/CVE-2006-0377.json index cd2f14b87fd..21d71b5b08f 100644 --- a/2006/0xxx/CVE-2006-0377.json +++ b/2006/0xxx/CVE-2006-0377.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka \"IMAP injection.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.squirrelmail.org/security/issue/2006-02-15", - "refsource" : "CONFIRM", - "url" : "http://www.squirrelmail.org/security/issue/2006-02-15" - }, - { - "name" : "DSA-988", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-988" - }, - { - "name" : "FEDORA-2006-133", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" - }, - { - "name" : "GLSA-200603-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" - }, - { - "name" : "MDKSA-2006:049", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" - }, - { - "name" : "RHSA-2006:0283", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0283.html" - }, - { - "name" : "20060501-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" - }, - { - "name" : "SUSE-SR:2006:005", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_05_sr.html" - }, - { - "name" : "16756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16756" - }, - { - "name" : "oval:org.mitre.oval:def:11470", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11470" - }, - { - "name" : "ADV-2006-0689", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0689" - }, - { - "name" : "1015662", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015662" - }, - { - "name" : "18985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18985" - }, - { - "name" : "19131", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19131" - }, - { - "name" : "19130", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19130" - }, - { - "name" : "19176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19176" - }, - { - "name" : "19205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19205" - }, - { - "name" : "19960", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19960" - }, - { - "name" : "20210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20210" - }, - { - "name" : "squirrelmail-mailbox-imap-injection(24849)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka \"IMAP injection.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2006:049", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" + }, + { + "name": "RHSA-2006:0283", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" + }, + { + "name": "19176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19176" + }, + { + "name": "http://www.squirrelmail.org/security/issue/2006-02-15", + "refsource": "CONFIRM", + "url": "http://www.squirrelmail.org/security/issue/2006-02-15" + }, + { + "name": "FEDORA-2006-133", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" + }, + { + "name": "SUSE-SR:2006:005", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" + }, + { + "name": "20210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20210" + }, + { + "name": "ADV-2006-0689", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0689" + }, + { + "name": "18985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18985" + }, + { + "name": "oval:org.mitre.oval:def:11470", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11470" + }, + { + "name": "19205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19205" + }, + { + "name": "squirrelmail-mailbox-imap-injection(24849)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24849" + }, + { + "name": "19960", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19960" + }, + { + "name": "16756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16756" + }, + { + "name": "19130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19130" + }, + { + "name": "20060501-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" + }, + { + "name": "DSA-988", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-988" + }, + { + "name": "19131", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19131" + }, + { + "name": "GLSA-200603-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" + }, + { + "name": "1015662", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015662" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0687.json b/2006/0xxx/CVE-2006-0687.json index 2294032ffb1..7a8d8816408 100644 --- a/2006/0xxx/CVE-2006-0687.json +++ b/2006/0xxx/CVE-2006-0687.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060212 DocMGR <= 0.54.2 arbitrary remote inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424818/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/docmgr_0542_incl_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/docmgr_0542_incl_xpl.html" - }, - { - "name" : "16601", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16601" - }, - { - "name" : "ADV-2006-0544", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0544" - }, - { - "name" : "18803", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18803" - }, - { - "name" : "428", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/428" - }, - { - "name" : "docmgr-process-file-include(24694)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "428", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/428" + }, + { + "name": "16601", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16601" + }, + { + "name": "18803", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18803" + }, + { + "name": "ADV-2006-0544", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0544" + }, + { + "name": "20060212 DocMGR <= 0.54.2 arbitrary remote inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424818/100/0/threaded" + }, + { + "name": "docmgr-process-file-include(24694)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24694" + }, + { + "name": "http://retrogod.altervista.org/docmgr_0542_incl_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/docmgr_0542_incl_xpl.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3001.json b/2006/3xxx/CVE-2006-3001.json index 182c8247387..2a8f1f2796f 100644 --- a/2006/3xxx/CVE-2006-3001.json +++ b/2006/3xxx/CVE-2006-3001.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkMall 1.0 allow remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: this might be resultant from another vulnerability, since the XSS is reflected in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060608 okscripts.com - XSS Vulns", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436561" - }, - { - "name" : "ADV-2006-2282", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2282" - }, - { - "name" : "20621", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20621" - }, - { - "name" : "1080", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1080" - }, - { - "name" : "okmall-search-xss(27131)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkMall 1.0 allow remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: this might be resultant from another vulnerability, since the XSS is reflected in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20621", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20621" + }, + { + "name": "20060608 okscripts.com - XSS Vulns", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436561" + }, + { + "name": "okmall-search-xss(27131)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27131" + }, + { + "name": "ADV-2006-2282", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2282" + }, + { + "name": "1080", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1080" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3132.json b/2006/3xxx/CVE-2006-3132.json index 805119cd608..2715228f166 100644 --- a/2006/3xxx/CVE-2006-3132.json +++ b/2006/3xxx/CVE-2006-3132.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060618 qtofilemanager xss attack !", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437754/100/0/threaded" - }, - { - "name" : "18510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18510" - }, - { - "name" : "ADV-2006-2434", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2434" - }, - { - "name" : "1016333", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016333" - }, - { - "name" : "20681", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20681" - }, - { - "name" : "1118", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1118" - }, - { - "name" : "qtofilemanager-index-xss(27310)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18510", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18510" + }, + { + "name": "qtofilemanager-index-xss(27310)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27310" + }, + { + "name": "20681", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20681" + }, + { + "name": "20060618 qtofilemanager xss attack !", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437754/100/0/threaded" + }, + { + "name": "ADV-2006-2434", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2434" + }, + { + "name": "1016333", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016333" + }, + { + "name": "1118", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1118" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3199.json b/2006/3xxx/CVE-2006-3199.json index 0c6a5b28819..32e0606b70b 100644 --- a/2006/3xxx/CVE-2006-3199.json +++ b/2006/3xxx/CVE-2006-3199.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a long hostname, which triggers an out-of-bounds operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060621 Opera 9 DoS PoC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437945/100/0/threaded" - }, - { - "name" : "20060624 Re: Opera 9 DoS PoC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438326/100/0/threaded" - }, - { - "name" : "http://my.opera.com/community/forums/topic.dml?id=144635", - "refsource" : "MISC", - "url" : "http://my.opera.com/community/forums/topic.dml?id=144635" - }, - { - "name" : "http://www.critical.lt/?vuln/349", - "refsource" : "MISC", - "url" : "http://www.critical.lt/?vuln/349" - }, - { - "name" : "18585", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18585" - }, - { - "name" : "ADV-2006-2617", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2617" - }, - { - "name" : "27510", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27510" - }, - { - "name" : "1016359", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016359" - }, - { - "name" : "opera-href-dos(27289)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a long hostname, which triggers an out-of-bounds operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060621 Opera 9 DoS PoC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437945/100/0/threaded" + }, + { + "name": "27510", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27510" + }, + { + "name": "1016359", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016359" + }, + { + "name": "opera-href-dos(27289)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27289" + }, + { + "name": "20060624 Re: Opera 9 DoS PoC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438326/100/0/threaded" + }, + { + "name": "http://my.opera.com/community/forums/topic.dml?id=144635", + "refsource": "MISC", + "url": "http://my.opera.com/community/forums/topic.dml?id=144635" + }, + { + "name": "ADV-2006-2617", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2617" + }, + { + "name": "18585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18585" + }, + { + "name": "http://www.critical.lt/?vuln/349", + "refsource": "MISC", + "url": "http://www.critical.lt/?vuln/349" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3720.json b/2006/3xxx/CVE-2006-3720.json index 3facf556566..133a7f387ad 100644 --- a/2006/3xxx/CVE-2006-3720.json +++ b/2006/3xxx/CVE-2006-3720.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Enterprise Config Management for Oracle Enterprise Manager 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# EM02." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "TA06-200A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" - }, - { - "name" : "19054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19054" - }, - { - "name" : "ADV-2006-2863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2863" - }, - { - "name" : "ADV-2006-2947", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2947" - }, - { - "name" : "1016529", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016529" - }, - { - "name" : "21111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21111" - }, - { - "name" : "21165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21165" - }, - { - "name" : "oracle-cpu-july-2006(27897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Enterprise Config Management for Oracle Enterprise Manager 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# EM02." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016529", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016529" + }, + { + "name": "19054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19054" + }, + { + "name": "oracle-cpu-july-2006(27897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" + }, + { + "name": "21165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21165" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "ADV-2006-2947", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2947" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "TA06-200A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" + }, + { + "name": "21111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21111" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" + }, + { + "name": "ADV-2006-2863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2863" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3840.json b/2006/3xxx/CVE-2006-3840.json index f97843f6e6e..d53da8459f0 100644 --- a/2006/3xxx/CVE-2006-3840.json +++ b/2006/3xxx/CVE-2006-3840.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060727 NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441278/100/0/threaded" - }, - { - "name" : "http://www.nsfocus.com/english/homepage/research/0607.htm", - "refsource" : "MISC", - "url" : "http://www.nsfocus.com/english/homepage/research/0607.htm" - }, - { - "name" : "20060726 Protocol Parsing Bug in SMB Mailslot Parsing in ISS Products", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/xforce/alerts/id/230" - }, - { - "name" : "https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=3630", - "refsource" : "CONFIRM", - "url" : "https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=3630" - }, - { - "name" : "19178", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19178" - }, - { - "name" : "ADV-2006-2996", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2996" - }, - { - "name" : "1016592", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016592" - }, - { - "name" : "1016590", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016590" - }, - { - "name" : "1016591", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016591" - }, - { - "name" : "21219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21219" - }, - { - "name" : "pam-smb-mailslot-dos(27965)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=3630", + "refsource": "CONFIRM", + "url": "https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=3630" + }, + { + "name": "20060727 NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441278/100/0/threaded" + }, + { + "name": "http://www.nsfocus.com/english/homepage/research/0607.htm", + "refsource": "MISC", + "url": "http://www.nsfocus.com/english/homepage/research/0607.htm" + }, + { + "name": "21219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21219" + }, + { + "name": "ADV-2006-2996", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2996" + }, + { + "name": "1016592", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016592" + }, + { + "name": "20060726 Protocol Parsing Bug in SMB Mailslot Parsing in ISS Products", + "refsource": "ISS", + "url": "http://xforce.iss.net/xforce/alerts/id/230" + }, + { + "name": "19178", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19178" + }, + { + "name": "1016590", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016590" + }, + { + "name": "pam-smb-mailslot-dos(27965)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27965" + }, + { + "name": "1016591", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016591" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4365.json b/2006/4xxx/CVE-2006-4365.json index a9a8479833a..3388f2baad0 100644 --- a/2006/4xxx/CVE-2006-4365.json +++ b/2006/4xxx/CVE-2006-4365.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/functions_mod_user.php or (2) includes/functions_portal.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060824 VistaBB <= 2.x Multiple File Inclusion", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=115641059002219&w=2" - }, - { - "name" : "2251", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2251" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=48", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=48" - }, - { - "name" : "19685", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19685" - }, - { - "name" : "ADV-2006-3369", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3369" - }, - { - "name" : "28140", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28140" - }, - { - "name" : "28141", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28141" - }, - { - "name" : "21602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/functions_mod_user.php or (2) includes/functions_portal.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3369", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3369" + }, + { + "name": "2251", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2251" + }, + { + "name": "19685", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19685" + }, + { + "name": "http://www.nukedx.com/?viewdoc=48", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=48" + }, + { + "name": "20060824 VistaBB <= 2.x Multiple File Inclusion", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=115641059002219&w=2" + }, + { + "name": "21602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21602" + }, + { + "name": "28141", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28141" + }, + { + "name": "28140", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28140" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4706.json b/2006/4xxx/CVE-2006-4706.json index 8ffbaf74afb..ff9903a4b96 100644 --- a/2006/4xxx/CVE-2006-4706.json +++ b/2006/4xxx/CVE-2006-4706.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using \"java& #115;cript,\" a different vulnerability than CVE-2006-3761." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444807/100/100/threaded" - }, - { - "name" : "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html", - "refsource" : "MISC", - "url" : "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html" - }, - { - "name" : "http://www.mybboard.com/archive.php?nid=18", - "refsource" : "CONFIRM", - "url" : "http://www.mybboard.com/archive.php?nid=18" - }, - { - "name" : "ADV-2006-3418", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3418" - }, - { - "name" : "21697", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21697" - }, - { - "name" : "1541", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using \"java& #115;cript,\" a different vulnerability than CVE-2006-3761." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21697", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21697" + }, + { + "name": "1541", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1541" + }, + { + "name": "ADV-2006-3418", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3418" + }, + { + "name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded" + }, + { + "name": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html", + "refsource": "MISC", + "url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html" + }, + { + "name": "http://www.mybboard.com/archive.php?nid=18", + "refsource": "CONFIRM", + "url": "http://www.mybboard.com/archive.php?nid=18" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4978.json b/2006/4xxx/CVE-2006-4978.json index 9be042c73bc..bbaca204496 100644 --- a/2006/4xxx/CVE-2006-4978.json +++ b/2006/4xxx/CVE-2006-4978.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060916 PHPQuiz Multiple Remote Vulnerabilites", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446315/100/0/threaded" - }, - { - "name" : "2376", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2376" - }, - { - "name" : "http://www.morx.org/phpquiz.txt", - "refsource" : "MISC", - "url" : "http://www.morx.org/phpquiz.txt" - }, - { - "name" : "20065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20065" - }, - { - "name" : "ADV-2006-3693", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3693" - }, - { - "name" : "22015", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22015" - }, - { - "name" : "1627", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1627" - }, - { - "name" : "phpquiz-score-sql-injection(28993)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2376", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2376" + }, + { + "name": "ADV-2006-3693", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3693" + }, + { + "name": "http://www.morx.org/phpquiz.txt", + "refsource": "MISC", + "url": "http://www.morx.org/phpquiz.txt" + }, + { + "name": "1627", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1627" + }, + { + "name": "22015", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22015" + }, + { + "name": "phpquiz-score-sql-injection(28993)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28993" + }, + { + "name": "20065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20065" + }, + { + "name": "20060916 PHPQuiz Multiple Remote Vulnerabilites", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446315/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7063.json b/2006/7xxx/CVE-2006-7063.json index 4b85495ef64..87354cde6dc 100644 --- a/2006/7xxx/CVE-2006-7063.json +++ b/2006/7xxx/CVE-2006-7063.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via \"..\" sequences in the uname parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1857", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1857" - }, - { - "name" : "18304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18304" - }, - { - "name" : "tinyphpforum-uname-file-include(26881)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via \"..\" sequences in the uname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18304" + }, + { + "name": "tinyphpforum-uname-file-include(26881)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26881" + }, + { + "name": "1857", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1857" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2151.json b/2010/2xxx/CVE-2010-2151.json index cfb67dcf0fd..55d72327cb1 100644 --- a/2010/2xxx/CVE-2010-2151.json +++ b/2010/2xxx/CVE-2010-2151.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify \"facility reservation data\" via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html", - "refsource" : "CONFIRM", - "url" : "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html" - }, - { - "name" : "JVN#82465391", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN82465391/index.html" - }, - { - "name" : "JVNDB-2010-000022", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000022.html" - }, - { - "name" : "40517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40517" - }, - { - "name" : "40029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify \"facility reservation data\" via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40517" + }, + { + "name": "JVN#82465391", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN82465391/index.html" + }, + { + "name": "JVNDB-2010-000022", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000022.html" + }, + { + "name": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html", + "refsource": "CONFIRM", + "url": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html" + }, + { + "name": "40029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40029" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2163.json b/2010/2xxx/CVE-2010-2163.json index 9d690140152..94aa9725342 100644 --- a/2010/2xxx/CVE-2010-2163.json +++ b/2010/2xxx/CVE-2010-2163.json @@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html" - }, - { - "name" : "http://support.apple.com/kb/HT4435", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4435" - }, - { - "name" : "APPLE-SA-2010-11-10-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" - }, - { - "name" : "GLSA-201101-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml" - }, - { - "name" : "HPSBMA02547", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "SSRT100179", - "refsource" : "HP", - "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" - }, - { - "name" : "RHSA-2010:0464", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0464.html" - }, - { - "name" : "RHSA-2010:0470", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0470.html" - }, - { - "name" : "SUSE-SA:2010:024", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html" - }, - { - "name" : "SUSE-SR:2010:013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" - }, - { - "name" : "TLSA-2010-19", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt" - }, - { - "name" : "TA10-162A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-162A.html" - }, - { - "name" : "40759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40759" - }, - { - "name" : "40803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40803" - }, - { - "name" : "oval:org.mitre.oval:def:7501", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7501" - }, - { - "name" : "oval:org.mitre.oval:def:16316", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16316" - }, - { - "name" : "1024085", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024085" - }, - { - "name" : "1024086", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024086" - }, - { - "name" : "40144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40144" - }, - { - "name" : "40545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40545" - }, - { - "name" : "43026", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43026" - }, - { - "name" : "ADV-2010-1453", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1453" - }, - { - "name" : "ADV-2010-1421", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1421" - }, - { - "name" : "ADV-2010-1432", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1432" - }, - { - "name" : "ADV-2010-1434", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1434" - }, - { - "name" : "ADV-2010-1482", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1482" - }, - { - "name" : "ADV-2010-1522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1522" - }, - { - "name" : "ADV-2010-1793", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1793" - }, - { - "name" : "ADV-2011-0192", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0192", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0192" + }, + { + "name": "ADV-2010-1421", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1421" + }, + { + "name": "http://support.apple.com/kb/HT4435", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4435" + }, + { + "name": "40545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40545" + }, + { + "name": "oval:org.mitre.oval:def:7501", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7501" + }, + { + "name": "RHSA-2010:0464", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html" + }, + { + "name": "ADV-2010-1793", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1793" + }, + { + "name": "43026", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43026" + }, + { + "name": "ADV-2010-1432", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1432" + }, + { + "name": "GLSA-201101-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml" + }, + { + "name": "TA10-162A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html" + }, + { + "name": "APPLE-SA-2010-11-10-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" + }, + { + "name": "40759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40759" + }, + { + "name": "1024085", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024085" + }, + { + "name": "SUSE-SR:2010:013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" + }, + { + "name": "1024086", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024086" + }, + { + "name": "ADV-2010-1434", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1434" + }, + { + "name": "TLSA-2010-19", + "refsource": "TURBO", + "url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt" + }, + { + "name": "SSRT100179", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "SUSE-SA:2010:024", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html" + }, + { + "name": "oval:org.mitre.oval:def:16316", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16316" + }, + { + "name": "40144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40144" + }, + { + "name": "RHSA-2010:0470", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html" + }, + { + "name": "ADV-2010-1482", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1482" + }, + { + "name": "HPSBMA02547", + "refsource": "HP", + "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" + }, + { + "name": "ADV-2010-1522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1522" + }, + { + "name": "40803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40803" + }, + { + "name": "ADV-2010-1453", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1453" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2467.json b/2010/2xxx/CVE-2010-2467.json index 1f57585a6f4..7e641e62bea 100644 --- a/2010/2xxx/CVE-2010-2467.json +++ b/2010/2xxx/CVE-2010-2467.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blip.tv/file/3414004", - "refsource" : "MISC", - "url" : "http://blip.tv/file/3414004" - }, - { - "name" : "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html", - "refsource" : "MISC", - "url" : "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html" - }, - { - "name" : "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2", - "refsource" : "MISC", - "url" : "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2" - }, - { - "name" : "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon", - "refsource" : "MISC", - "url" : "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon" - }, - { - "name" : "netbox-ftpserver-file-download(59828)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html", + "refsource": "MISC", + "url": "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html" + }, + { + "name": "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2", + "refsource": "MISC", + "url": "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2" + }, + { + "name": "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon", + "refsource": "MISC", + "url": "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon" + }, + { + "name": "http://blip.tv/file/3414004", + "refsource": "MISC", + "url": "http://blip.tv/file/3414004" + }, + { + "name": "netbox-ftpserver-file-download(59828)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59828" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2634.json b/2010/2xxx/CVE-2010-2634.json index f717917cbf7..661122a8f49 100644 --- a/2010/2xxx/CVE-2010-2634.json +++ b/2010/2xxx/CVE-2010-2634.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSA enVision before 3.7 SP1 allows remote authenticated users to cause a denial of service via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2010-2634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100806 ESA-2010-013: RSA, The Security Division of EMC, informs about potential security vulnerability in RSA enVision® versions prior to 3.7 SP1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512929/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RSA enVision before 3.7 SP1 allows remote authenticated users to cause a denial of service via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100806 ESA-2010-013: RSA, The Security Division of EMC, informs about potential security vulnerability in RSA enVision® versions prior to 3.7 SP1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512929/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2850.json b/2010/2xxx/CVE-2010-2850.json index 604e92b0d85..c29a50824a7 100644 --- a/2010/2xxx/CVE-2010-2850.json +++ b/2010/2xxx/CVE-2010-2850.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-local-file-inclusion.html", - "refsource" : "MISC", - "url" : "http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-local-file-inclusion.html" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/nubuilder-lfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/nubuilder-lfi.txt" - }, - { - "name" : "http://www.nubuilder.com/nubuilderwww/change.php?changelog_id=14c3d1ea2a9fab", - "refsource" : "CONFIRM", - "url" : "http://www.nubuilder.com/nubuilderwww/change.php?changelog_id=14c3d1ea2a9fab" - }, - { - "name" : "41404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41404" - }, - { - "name" : "66006", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/66006" - }, - { - "name" : "40483", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40483" - }, - { - "name" : "ADV-2010-1726", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1726" - }, - { - "name" : "nubuilder-fileuploader-file-include(60138)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41404" + }, + { + "name": "66006", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/66006" + }, + { + "name": "http://www.nubuilder.com/nubuilderwww/change.php?changelog_id=14c3d1ea2a9fab", + "refsource": "CONFIRM", + "url": "http://www.nubuilder.com/nubuilderwww/change.php?changelog_id=14c3d1ea2a9fab" + }, + { + "name": "40483", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40483" + }, + { + "name": "http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-local-file-inclusion.html", + "refsource": "MISC", + "url": "http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-local-file-inclusion.html" + }, + { + "name": "ADV-2010-1726", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1726" + }, + { + "name": "nubuilder-fileuploader-file-include(60138)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60138" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/nubuilder-lfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/nubuilder-lfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3379.json b/2010/3xxx/CVE-2010-3379.json index 43c192dc394..87fd5058145 100644 --- a/2010/3xxx/CVE-2010-3379.json +++ b/2010/3xxx/CVE-2010-3379.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3379", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3379", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3773.json b/2010/3xxx/CVE-2010-3773.json index a6605f6e745..98265a982e4 100644 --- a/2010/3xxx/CVE-2010-3773.json +++ b/2010/3xxx/CVE-2010-3773.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-82.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-82.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=554449", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=554449" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100124650", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100124650" - }, - { - "name" : "DSA-2132", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2132" - }, - { - "name" : "FEDORA-2010-18773", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html" - }, - { - "name" : "FEDORA-2010-18775", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html" - }, - { - "name" : "FEDORA-2010-18890", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html" - }, - { - "name" : "FEDORA-2010-18920", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html" - }, - { - "name" : "MDVSA-2010:251", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251" - }, - { - "name" : "RHSA-2010:0966", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-0966.html" - }, - { - "name" : "SUSE-SA:2011:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html" - }, - { - "name" : "USN-1019-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1019-1" - }, - { - "name" : "45354", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45354" - }, - { - "name" : "oval:org.mitre.oval:def:11960", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11960" - }, - { - "name" : "42716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42716" - }, - { - "name" : "42818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42818" - }, - { - "name" : "ADV-2011-0030", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2011:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html" + }, + { + "name": "FEDORA-2010-18775", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html" + }, + { + "name": "MDVSA-2010:251", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100124650", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100124650" + }, + { + "name": "RHSA-2010:0966", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=554449", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=554449" + }, + { + "name": "USN-1019-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1019-1" + }, + { + "name": "45354", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45354" + }, + { + "name": "42818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42818" + }, + { + "name": "oval:org.mitre.oval:def:11960", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11960" + }, + { + "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-82.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-82.html" + }, + { + "name": "DSA-2132", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2132" + }, + { + "name": "FEDORA-2010-18920", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html" + }, + { + "name": "ADV-2011-0030", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0030" + }, + { + "name": "FEDORA-2010-18890", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html" + }, + { + "name": "42716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42716" + }, + { + "name": "FEDORA-2010-18773", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3934.json b/2010/3xxx/CVE-2010-3934.json index 1433ce55086..ae409785394 100644 --- a/2010/3xxx/CVE-2010-3934.json +++ b/2010/3xxx/CVE-2010-3934.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt" - }, - { - "name" : "1024506", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024506" - }, - { - "name" : "41536", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt" + }, + { + "name": "41536", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41536" + }, + { + "name": "1024506", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024506" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0266.json b/2011/0xxx/CVE-2011-0266.json index fb36e2e4579..87396185468 100644 --- a/2011/0xxx/CVE-2011-0266.json +++ b/2011/0xxx/CVE-2011-0266.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-0266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-008/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-008/" - }, - { - "name" : "HPSBMA02621", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/515628" - }, - { - "name" : "SSRT100352", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/515628" - }, - { - "name" : "45762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45762" - }, - { - "name" : "1024951", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024951" - }, - { - "name" : "8151", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8151" - }, - { - "name" : "ADV-2011-0085", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0085" - }, - { - "name" : "hp-opennnm-nameparams-bo(64650)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02621", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/515628" + }, + { + "name": "ADV-2011-0085", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0085" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-008/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-008/" + }, + { + "name": "SSRT100352", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/515628" + }, + { + "name": "8151", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8151" + }, + { + "name": "45762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45762" + }, + { + "name": "1024951", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024951" + }, + { + "name": "hp-opennnm-nameparams-bo(64650)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64650" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0413.json b/2011/0xxx/CVE-2011-0413.json index d2eb0bc85fd..44b1410326a 100644 --- a/2011/0xxx/CVE-2011-0413.json +++ b/2011/0xxx/CVE-2011-0413.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0413", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-0413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.isc.org/software/dhcp/advisories/cve-2011-0413", - "refsource" : "CONFIRM", - "url" : "http://www.isc.org/software/dhcp/advisories/cve-2011-0413" - }, - { - "name" : "https://kb.isc.org/article/AA-00456", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/article/AA-00456" - }, - { - "name" : "DSA-2184", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2184" - }, - { - "name" : "FEDORA-2011-0862", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html" - }, - { - "name" : "MDVSA-2011:022", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:022" - }, - { - "name" : "RHSA-2011:0256", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0256.html" - }, - { - "name" : "VU#686084", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/686084" - }, - { - "name" : "46035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46035" - }, - { - "name" : "70680", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/70680" - }, - { - "name" : "1024999", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024999" - }, - { - "name" : "43006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43006" - }, - { - "name" : "43104", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43104" - }, - { - "name" : "43167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43167" - }, - { - "name" : "43354", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43354" - }, - { - "name" : "43613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43613" - }, - { - "name" : "ADV-2011-0235", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0235" - }, - { - "name" : "ADV-2011-0266", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0266" - }, - { - "name" : "ADV-2011-0300", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0300" - }, - { - "name" : "ADV-2011-0400", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0400" - }, - { - "name" : "ADV-2011-0583", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0583" - }, - { - "name" : "dhcp-dhcpv6-dos(64959)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0266", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0266" + }, + { + "name": "43006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43006" + }, + { + "name": "ADV-2011-0235", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0235" + }, + { + "name": "43354", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43354" + }, + { + "name": "dhcp-dhcpv6-dos(64959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64959" + }, + { + "name": "70680", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/70680" + }, + { + "name": "43104", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43104" + }, + { + "name": "https://kb.isc.org/article/AA-00456", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/article/AA-00456" + }, + { + "name": "MDVSA-2011:022", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:022" + }, + { + "name": "ADV-2011-0583", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0583" + }, + { + "name": "ADV-2011-0300", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0300" + }, + { + "name": "43613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43613" + }, + { + "name": "1024999", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024999" + }, + { + "name": "43167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43167" + }, + { + "name": "RHSA-2011:0256", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0256.html" + }, + { + "name": "46035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46035" + }, + { + "name": "FEDORA-2011-0862", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053644.html" + }, + { + "name": "http://www.isc.org/software/dhcp/advisories/cve-2011-0413", + "refsource": "CONFIRM", + "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-0413" + }, + { + "name": "ADV-2011-0400", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0400" + }, + { + "name": "DSA-2184", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2184" + }, + { + "name": "VU#686084", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/686084" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1164.json b/2011/1xxx/CVE-2011-1164.json index f8148176201..f6c079b7552 100644 --- a/2011/1xxx/CVE-2011-1164.json +++ b/2011/1xxx/CVE-2011-1164.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=553477", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=553477" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=596190", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=596190" - }, - { - "name" : "RHSA-2013:0169", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0169.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:0169", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=596190", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=596190" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=553477", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1186.json b/2011/1xxx/CVE-2011-1186.json index 7145301f35d..235893a83b3 100644 --- a/2011/1xxx/CVE-2011-1186.json +++ b/2011/1xxx/CVE-2011-1186.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 10.0.648.127 on Linux does not properly handle parallel execution of calls to the print method, which might allow remote attackers to cause a denial of service (application crash) via crafted JavaScript code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=66962", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=66962" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" - }, - { - "name" : "46785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46785" - }, - { - "name" : "oval:org.mitre.oval:def:14255", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14255" - }, - { - "name" : "ADV-2011-0628", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0628" - }, - { - "name" : "google-parallel-dos(65950)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 10.0.648.127 on Linux does not properly handle parallel execution of calls to the print method, which might allow remote attackers to cause a denial of service (application crash) via crafted JavaScript code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=66962", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=66962" + }, + { + "name": "46785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46785" + }, + { + "name": "google-parallel-dos(65950)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65950" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" + }, + { + "name": "oval:org.mitre.oval:def:14255", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14255" + }, + { + "name": "ADV-2011-0628", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0628" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1317.json b/2011/1xxx/CVE-2011-1317.json index caac91a3385..866e07ff4d7 100644 --- a/2011/1xxx/CVE-2011-1317.json +++ b/2011/1xxx/CVE-2011-1317.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" - }, - { - "name" : "PM19500", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM19500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM19500", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM19500" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1665.json b/2011/1xxx/CVE-2011-1665.json index f374486c6ea..c579d496f7a 100644 --- a/2011/1xxx/CVE-2011-1665.json +++ b/2011/1xxx/CVE-2011-1665.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHPBoost 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain backup SQL files via a direct request for predictable filenames in cache/backup/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17085", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17085" - }, - { - "name" : "43949", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43949" - }, - { - "name" : "phpboost-backup-info-disclosure(66474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHPBoost 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain backup SQL files via a direct request for predictable filenames in cache/backup/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpboost-backup-info-disclosure(66474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66474" + }, + { + "name": "43949", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43949" + }, + { + "name": "17085", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17085" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4484.json b/2011/4xxx/CVE-2011-4484.json index 7c18cbd3839..282db5762d0 100644 --- a/2011/4xxx/CVE-2011-4484.json +++ b/2011/4xxx/CVE-2011-4484.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4484", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4484", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5031.json b/2011/5xxx/CVE-2011-5031.json index 875bd50c890..45a77449a15 100644 --- a/2011/5xxx/CVE-2011-5031.json +++ b/2011/5xxx/CVE-2011-5031.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18247", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18247" - }, - { - "name" : "77998", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77998" - }, - { - "name" : "47285", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47285" - }, - { - "name" : "capexweb-login-sql-injection(71882)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71882" - }, - { - "name" : "capexweb-validatepassword-sql-injection(71959)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "capexweb-validatepassword-sql-injection(71959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71959" + }, + { + "name": "capexweb-login-sql-injection(71882)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71882" + }, + { + "name": "77998", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77998" + }, + { + "name": "47285", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47285" + }, + { + "name": "18247", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18247" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3061.json b/2014/3xxx/CVE-2014-3061.json index 3888d387666..c5e38d6882b 100644 --- a/2014/3xxx/CVE-2014-3061.json +++ b/2014/3xxx/CVE-2014-3061.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681277", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681277" - }, - { - "name" : "60480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60480" - }, - { - "name" : "ibm-emptoris-cve20143061-csrf(93537)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60480" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277" + }, + { + "name": "ibm-emptoris-cve20143061-csrf(93537)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93537" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3219.json b/2014/3xxx/CVE-2014-3219.json index 104917f0bf6..ab4fa69815b 100644 --- a/2014/3xxx/CVE-2014-3219.json +++ b/2014/3xxx/CVE-2014-3219.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140506 Re: Upcoming security release of fish 2.1.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/06/3" - }, - { - "name" : "[oss-security] 20140928 Security release of fish shell 2.1.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/28/8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1092091", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1092091" - }, - { - "name" : "https://github.com/fish-shell/fish-shell/commit/3225d7e169a9edb2f470c26989e7bc8e0d0355ce", - "refsource" : "CONFIRM", - "url" : "https://github.com/fish-shell/fish-shell/commit/3225d7e169a9edb2f470c26989e7bc8e0d0355ce" - }, - { - "name" : "https://github.com/fish-shell/fish-shell/issues/1440", - "refsource" : "CONFIRM", - "url" : "https://github.com/fish-shell/fish-shell/issues/1440" - }, - { - "name" : "FEDORA-2014-5783", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132751.html" - }, - { - "name" : "GLSA-201412-49", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201412-49.xml" - }, - { - "name" : "67115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201412-49", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-49.xml" + }, + { + "name": "FEDORA-2014-5783", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132751.html" + }, + { + "name": "[oss-security] 20140928 Security release of fish shell 2.1.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/28/8" + }, + { + "name": "https://github.com/fish-shell/fish-shell/commit/3225d7e169a9edb2f470c26989e7bc8e0d0355ce", + "refsource": "CONFIRM", + "url": "https://github.com/fish-shell/fish-shell/commit/3225d7e169a9edb2f470c26989e7bc8e0d0355ce" + }, + { + "name": "[oss-security] 20140506 Re: Upcoming security release of fish 2.1.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/06/3" + }, + { + "name": "https://github.com/fish-shell/fish-shell/issues/1440", + "refsource": "CONFIRM", + "url": "https://github.com/fish-shell/fish-shell/issues/1440" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1092091", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092091" + }, + { + "name": "67115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67115" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3357.json b/2014/3xxx/CVE-2014-3357.json index 32414f33a4f..256209dafb5 100644 --- a/2014/3xxx/CVE-2014-3357.json +++ b/2014/3xxx/CVE-2014-3357.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug ID CSCul90866." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns/cvrf/cisco-sa-20140924-mdns_cvrf.xml", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns/cvrf/cisco-sa-20140924-mdns_cvrf.xml" - }, - { - "name" : "20140924 Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns" - }, - { - "name" : "70132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70132" - }, - { - "name" : "1030898", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030898" - }, - { - "name" : "ciscoios-cve20143357-dos(96182)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug ID CSCul90866." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70132" + }, + { + "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns/cvrf/cisco-sa-20140924-mdns_cvrf.xml", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns/cvrf/cisco-sa-20140924-mdns_cvrf.xml" + }, + { + "name": "20140924 Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns" + }, + { + "name": "ciscoios-cve20143357-dos(96182)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96182" + }, + { + "name": "1030898", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030898" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3884.json b/2014/3xxx/CVE-2014-3884.json index 69e6e4daa67..600a7396868 100644 --- a/2014/3xxx/CVE-2014-3884.json +++ b/2014/3xxx/CVE-2014-3884.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-3884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#92737498", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN92737498/index.html" - }, - { - "name" : "JVNDB-2014-000058", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000058", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000058" + }, + { + "name": "JVN#92737498", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN92737498/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6012.json b/2014/6xxx/CVE-2014-6012.json index a6839b0415d..34690ea409e 100644 --- a/2014/6xxx/CVE-2014-6012.json +++ b/2014/6xxx/CVE-2014-6012.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Gravity Bounce (aka net.toddm.gb) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#150505", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/150505" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gravity Bounce (aka net.toddm.gb) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#150505", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/150505" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6099.json b/2014/6xxx/CVE-2014-6099.json index 78e20addbf7..a4f7ce32a96 100644 --- a/2014/6xxx/CVE-2014-6099.json +++ b/2014/6xxx/CVE-2014-6099.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-01.ibm.com/support/docview.wss?uid=swg21685345", - "refsource" : "CONFIRM", - "url" : "https://www-01.ibm.com/support/docview.wss?uid=swg21685345" - }, - { - "name" : "IT03935", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03935" - }, - { - "name" : "IT03936", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03936" - }, - { - "name" : "ibm-sterling-cve20146099-brute-force(96004)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21685345", + "refsource": "CONFIRM", + "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21685345" + }, + { + "name": "IT03936", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03936" + }, + { + "name": "ibm-sterling-cve20146099-brute-force(96004)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96004" + }, + { + "name": "IT03935", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03935" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6768.json b/2014/6xxx/CVE-2014-6768.json index bde9ac942ba..e651f399ded 100644 --- a/2014/6xxx/CVE-2014-6768.json +++ b/2014/6xxx/CVE-2014-6768.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Anywhere Anytime Yoga Workout (aka com.bayart.yoga) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#610745", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/610745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Anywhere Anytime Yoga Workout (aka com.bayart.yoga) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#610745", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/610745" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7480.json b/2014/7xxx/CVE-2014-7480.json index b440ded6616..544aa889718 100644 --- a/2014/7xxx/CVE-2014-7480.json +++ b/2014/7xxx/CVE-2014-7480.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7480", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7480", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7523.json b/2014/7xxx/CVE-2014-7523.json index f90789d08d4..27c98ec6ba9 100644 --- a/2014/7xxx/CVE-2014-7523.json +++ b/2014/7xxx/CVE-2014-7523.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Radio Bethlehem RB2000 (aka com.Abuhadbah.rbl2000v2) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#579681", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/579681" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Radio Bethlehem RB2000 (aka com.Abuhadbah.rbl2000v2) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#579681", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/579681" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8188.json b/2014/8xxx/CVE-2014-8188.json index be242002b65..6a7b159cfbe 100644 --- a/2014/8xxx/CVE-2014-8188.json +++ b/2014/8xxx/CVE-2014-8188.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8188", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8188", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8435.json b/2014/8xxx/CVE-2014-8435.json index 61b0e022aac..abccc2bc09e 100644 --- a/2014/8xxx/CVE-2014-8435.json +++ b/2014/8xxx/CVE-2014-8435.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8435", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8435", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8838.json b/2014/8xxx/CVE-2014-8838.json index b81851ac763..db729140d06 100644 --- a/2014/8xxx/CVE-2014-8838.json +++ b/2014/8xxx/CVE-2014-8838.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2014-8838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "1031650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031650" - }, - { - "name" : "macosx-cve20148838-sec-bypass(100525)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031650" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + }, + { + "name": "macosx-cve20148838-sec-bypass(100525)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100525" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2127.json b/2016/2xxx/CVE-2016-2127.json index 39fbc4ca905..0191fdf5f06 100644 --- a/2016/2xxx/CVE-2016-2127.json +++ b/2016/2xxx/CVE-2016-2127.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2127", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2127", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2157.json b/2016/2xxx/CVE-2016-2157.json index 15080a20ea0..6df1210bf63 100644 --- a/2016/2xxx/CVE-2016-2157.json +++ b/2016/2xxx/CVE-2016-2157.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160321 moodle security release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=330179", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=330179" - }, - { - "name" : "1035333", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160321 moodle security release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=330179", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=330179" + }, + { + "name": "1035333", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035333" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2459.json b/2016/2xxx/CVE-2016-2459.json index 0ea49f51479..45669d215e2 100644 --- a/2016/2xxx/CVE-2016-2459.json +++ b/2016/2xxx/CVE-2016-2459.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27556038." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-05-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-05-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27556038." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-05-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-05-01.html" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2620.json b/2016/2xxx/CVE-2016-2620.json index da0f1adb4e4..d3dc8c05553 100644 --- a/2016/2xxx/CVE-2016-2620.json +++ b/2016/2xxx/CVE-2016-2620.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2620", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2620", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2631.json b/2016/2xxx/CVE-2016-2631.json index 733e2c626f8..54693c9135a 100644 --- a/2016/2xxx/CVE-2016-2631.json +++ b/2016/2xxx/CVE-2016-2631.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2631", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2631", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6452.json b/2016/6xxx/CVE-2016-6452.json index 41278e4ee07..15d07e1a586 100644 --- a/2016/6xxx/CVE-2016-6452.json +++ b/2016/6xxx/CVE-2016-6452.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2016-6452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Home before 6.0", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Home before 6.0" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are not vulnerable. More Information: CSCvb71732. Known Affected Releases: 5.0 5.0(1) 5.0(1.1) 5.0(1.2) 5.0(2) 5.15.1(0) 5.1(1) 5.1(1.3) 5.1(1.4) 5.1(1.5) 5.1(1.6) 5.1(2) 5.1(2.1) 5.1(2.3) 5.25.2(0.1) 5.2(1.0) 5.2(1.2) 5.2(2.0) 5.2(2.1) 5.2(2.2)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2016-6452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Home before 6.0", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Home before 6.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph" - }, - { - "name" : "94070", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are not vulnerable. More Information: CSCvb71732. Known Affected Releases: 5.0 5.0(1) 5.0(1.1) 5.0(1.2) 5.0(2) 5.15.1(0) 5.1(1) 5.1(1.3) 5.1(1.4) 5.1(1.5) 5.1(1.6) 5.1(2) 5.1(2.1) 5.1(2.3) 5.25.2(0.1) 5.2(1.0) 5.2(1.2) 5.2(2.0) 5.2(2.1) 5.2(2.2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph" + }, + { + "name": "94070", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94070" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1532.json b/2017/1xxx/CVE-2017-1532.json index 7cc71e83a20..01455ebf8ce 100644 --- a/2017/1xxx/CVE-2017-1532.json +++ b/2017/1xxx/CVE-2017-1532.json @@ -1,196 +1,196 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-23T00:00:00", - "ID" : "CVE-2017-1532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational DOORS", - "version" : { - "version_data" : [ - { - "version_value" : "9.5" - }, - { - "version_value" : "9.5.0.1" - }, - { - "version_value" : "9.5.1" - }, - { - "version_value" : "9.5.1.1" - }, - { - "version_value" : "9.5.1.2" - }, - { - "version_value" : "9.5.2" - }, - { - "version_value" : "9.5.2.1" - }, - { - "version_value" : "9.6" - }, - { - "version_value" : "9.5.0.2" - }, - { - "version_value" : "9.5.0.3" - }, - { - "version_value" : "9.5.1.3" - }, - { - "version_value" : "9.5.1.4" - }, - { - "version_value" : "9.5.2.2" - }, - { - "version_value" : "9.5.2.3" - }, - { - "version_value" : "9.6.0.1" - }, - { - "version_value" : "9.6.0.2" - }, - { - "version_value" : "9.6.1" - }, - { - "version_value" : "9.6.1.1" - }, - { - "version_value" : "9.5.0.4" - }, - { - "version_value" : "9.5.1.5" - }, - { - "version_value" : "9.5.2.4" - }, - { - "version_value" : "9.6.0.3" - }, - { - "version_value" : "9.6.1.2" - }, - { - "version_value" : "9.6.1.3" - }, - { - "version_value" : "9.6.1.4" - }, - { - "version_value" : "9.5.0.5" - }, - { - "version_value" : "9.5.1.6" - }, - { - "version_value" : "9.5.2.5" - }, - { - "version_value" : "9.6.0.4" - }, - { - "version_value" : "9.5.0.6" - }, - { - "version_value" : "9.5.1.7" - }, - { - "version_value" : "9.5.2.6" - }, - { - "version_value" : "9.6.0.5" - }, - { - "version_value" : "9.6.1.5" - }, - { - "version_value" : "9.6.1.6" - }, - { - "version_value" : "9.6.1.7" - }, - { - "version_value" : "9.5.0.7" - }, - { - "version_value" : "9.5.1.8" - }, - { - "version_value" : "9.5.2.7" - }, - { - "version_value" : "9.6.0.6" - }, - { - "version_value" : "9.6.1.8" - }, - { - "version_value" : "9.6.1.9" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-23T00:00:00", + "ID": "CVE-2017-1532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational DOORS", + "version": { + "version_data": [ + { + "version_value": "9.5" + }, + { + "version_value": "9.5.0.1" + }, + { + "version_value": "9.5.1" + }, + { + "version_value": "9.5.1.1" + }, + { + "version_value": "9.5.1.2" + }, + { + "version_value": "9.5.2" + }, + { + "version_value": "9.5.2.1" + }, + { + "version_value": "9.6" + }, + { + "version_value": "9.5.0.2" + }, + { + "version_value": "9.5.0.3" + }, + { + "version_value": "9.5.1.3" + }, + { + "version_value": "9.5.1.4" + }, + { + "version_value": "9.5.2.2" + }, + { + "version_value": "9.5.2.3" + }, + { + "version_value": "9.6.0.1" + }, + { + "version_value": "9.6.0.2" + }, + { + "version_value": "9.6.1" + }, + { + "version_value": "9.6.1.1" + }, + { + "version_value": "9.5.0.4" + }, + { + "version_value": "9.5.1.5" + }, + { + "version_value": "9.5.2.4" + }, + { + "version_value": "9.6.0.3" + }, + { + "version_value": "9.6.1.2" + }, + { + "version_value": "9.6.1.3" + }, + { + "version_value": "9.6.1.4" + }, + { + "version_value": "9.5.0.5" + }, + { + "version_value": "9.5.1.6" + }, + { + "version_value": "9.5.2.5" + }, + { + "version_value": "9.6.0.4" + }, + { + "version_value": "9.5.0.6" + }, + { + "version_value": "9.5.1.7" + }, + { + "version_value": "9.5.2.6" + }, + { + "version_value": "9.6.0.5" + }, + { + "version_value": "9.6.1.5" + }, + { + "version_value": "9.6.1.6" + }, + { + "version_value": "9.6.1.7" + }, + { + "version_value": "9.5.0.7" + }, + { + "version_value": "9.5.1.8" + }, + { + "version_value": "9.5.2.7" + }, + { + "version_value": "9.6.0.6" + }, + { + "version_value": "9.6.1.8" + }, + { + "version_value": "9.6.1.9" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012789", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012789" - }, - { - "name" : "102888", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012789", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789" + }, + { + "name": "102888", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102888" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5268.json b/2017/5xxx/CVE-2017-5268.json index dbd06ee1fc0..31d2db853e4 100644 --- a/2017/5xxx/CVE-2017-5268.json +++ b/2017/5xxx/CVE-2017-5268.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5268", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5268", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5313.json b/2017/5xxx/CVE-2017-5313.json index 273efa4f7e4..8baa49c5a60 100644 --- a/2017/5xxx/CVE-2017-5313.json +++ b/2017/5xxx/CVE-2017-5313.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5313", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5313", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5404.json b/2017/5xxx/CVE-2017-5404.json index 27ce99cdccf..731082eb669 100644 --- a/2017/5xxx/CVE-2017-5404.json +++ b/2017/5xxx/CVE-2017-5404.json @@ -1,159 +1,159 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.8" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - }, - { - "version_affected" : "<", - "version_value" : "45.8" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free working with ranges in selections" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.8" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + }, + { + "version_affected": "<", + "version_value": "45.8" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41660", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41660/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1340138", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1340138" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-06/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-06/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-07/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-07/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/" - }, - { - "name" : "DSA-3805", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3805" - }, - { - "name" : "DSA-3832", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3832" - }, - { - "name" : "GLSA-201705-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-06" - }, - { - "name" : "GLSA-201705-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-07" - }, - { - "name" : "RHSA-2017:0459", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0459.html" - }, - { - "name" : "RHSA-2017:0461", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0461.html" - }, - { - "name" : "RHSA-2017:0498", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0498.html" - }, - { - "name" : "96664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96664" - }, - { - "name" : "1037966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free working with ranges in selections" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41660", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41660/" + }, + { + "name": "RHSA-2017:0459", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0459.html" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-09/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/" + }, + { + "name": "DSA-3832", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3832" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1340138", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1340138" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-07/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-07/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-05/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/" + }, + { + "name": "1037966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037966" + }, + { + "name": "96664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96664" + }, + { + "name": "GLSA-201705-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-06" + }, + { + "name": "RHSA-2017:0461", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0461.html" + }, + { + "name": "DSA-3805", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3805" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-06/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-06/" + }, + { + "name": "RHSA-2017:0498", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0498.html" + }, + { + "name": "GLSA-201705-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-07" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5765.json b/2017/5xxx/CVE-2017-5765.json index 4cb243e65de..ec1449eae04 100644 --- a/2017/5xxx/CVE-2017-5765.json +++ b/2017/5xxx/CVE-2017-5765.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5765", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5765", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file