diff --git a/2001/1xxx/CVE-2001-1015.json b/2001/1xxx/CVE-2001-1015.json index be4512025fc..c759e7074cb 100644 --- a/2001/1xxx/CVE-2001-1015.json +++ b/2001/1xxx/CVE-2001-1015.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Snes9x 1.37, when installed setuid root, allows local users to gain root privileges via a long command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011016 [ ** Snes9x buffer overflow vulnerability ** ]", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0107.html" - }, - { - "name" : "3437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Snes9x 1.37, when installed setuid root, allows local users to gain root privileges via a long command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011016 [ ** Snes9x buffer overflow vulnerability ** ]", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0107.html" + }, + { + "name": "3437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3437" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1249.json b/2001/1xxx/CVE-2001-1249.json index 8f27c2a42a0..00fdf94082e 100644 --- a/2001/1xxx/CVE-2001-1249.json +++ b/2001/1xxx/CVE-2001-1249.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010629 4 New vulns. vWebServer and SmallHTTP", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/194418" - }, - { - "name" : "2978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010629 4 New vulns. vWebServer and SmallHTTP", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/194418" + }, + { + "name": "2978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2978" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1305.json b/2001/1xxx/CVE-2001-1305.json index 682a5edce3d..9aa4501ef62 100644 --- a/2001/1xxx/CVE-2001-1305.json +++ b/2001/1xxx/CVE-2001-1305.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010822 Hexyn / Securax Advisory #22 - ICQ Forced Auto-Add Users", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=99851887024728&w=2" - }, - { - "name" : "3226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3226" - }, - { - "name" : "icq-auto-add-user(7028)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7028.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "icq-auto-add-user(7028)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7028.php" + }, + { + "name": "3226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3226" + }, + { + "name": "20010822 Hexyn / Securax Advisory #22 - ICQ Forced Auto-Add Users", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=99851887024728&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1362.json b/2001/1xxx/CVE-2001-1362.json index 305a8b67ee2..19722216bbd 100644 --- a/2001/1xxx/CVE-2001-1362.json +++ b/2001/1xxx/CVE-2001-1362.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the server for nPULSE before 0.53p4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010719 [VulnWatch] Changelog maddness (14 various broken apps)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html" - }, - { - "name" : "http://freshmeat.net/releases/51981/", - "refsource" : "CONFIRM", - "url" : "http://freshmeat.net/releases/51981/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the server for nPULSE before 0.53p4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010719 [VulnWatch] Changelog maddness (14 various broken apps)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html" + }, + { + "name": "http://freshmeat.net/releases/51981/", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/releases/51981/" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2275.json b/2006/2xxx/CVE-2006-2275.json index cb72d8ab83f..3879e825631 100644 --- a/2006/2xxx/CVE-2006-2275.json +++ b/2006/2xxx/CVE-2006-2275.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to \"spillover of the receive buffer.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm" - }, - { - "name" : "RHSA-2006:0575", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0575.html" - }, - { - "name" : "2006-0026", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0026" - }, - { - "name" : "USN-302-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-302-1" - }, - { - "name" : "17955", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17955" - }, - { - "name" : "oval:org.mitre.oval:def:11295", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11295" - }, - { - "name" : "20716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20716" - }, - { - "name" : "21465", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21465" - }, - { - "name" : "22417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22417" - }, - { - "name" : "linux-sctp-receive-dos(26433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to \"spillover of the receive buffer.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linux-sctp-receive-dos(26433)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26433" + }, + { + "name": "17955", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17955" + }, + { + "name": "20716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20716" + }, + { + "name": "oval:org.mitre.oval:def:11295", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11295" + }, + { + "name": "USN-302-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-302-1" + }, + { + "name": "RHSA-2006:0575", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0575.html" + }, + { + "name": "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5" + }, + { + "name": "2006-0026", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0026" + }, + { + "name": "21465", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21465" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm" + }, + { + "name": "22417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22417" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2369.json b/2006/2xxx/CVE-2006-2369.json index 0020eb9a101..e8d83f7a341 100644 --- a/2006/2xxx/CVE-2006-2369.json +++ b/2006/2xxx/CVE-2006-2369.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as \"Type 1 - None\", which is accepted even if it is not offered by the server, as originally demonstrated using a long password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-2369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060516 re: RealVNC 4.1.1 Remote Compromise", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434117/100/0/threaded" - }, - { - "name" : "20060518 RE: [Full-disclosure] RealVNC 4.1.1 Remote Compromise", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434518/100/0/threaded" - }, - { - "name" : "20060520 Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434560/100/0/threaded" - }, - { - "name" : "20060623 Linux VNC evil client patch - BID 17978", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438175/100/0/threaded" - }, - { - "name" : "20060624 Re: Linux VNC evil client patch - BID 17978", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438368/100/0/threaded" - }, - { - "name" : "http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html", - "refsource" : "MISC", - "url" : "http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html" - }, - { - "name" : "http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html", - "refsource" : "MISC", - "url" : "http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html" - }, - { - "name" : "20060515 RealVNC 4.1.1 Remote Compromise", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=114768344111131&w=2" - }, - { - "name" : "20060515 RealVNC 4.1.1 Remote Compromise", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433994/100/0/threaded" - }, - { - "name" : "20060515 Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434015/100/0/threaded" - }, - { - "name" : "[vnc-list] 20060513 Version 4.1.2", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=vnc-list&m=114755444130188&w=2" - }, - { - "name" : "http://www.realvnc.com/products/free/4.1/release-notes.html", - "refsource" : "CONFIRM", - "url" : "http://www.realvnc.com/products/free/4.1/release-notes.html" - }, - { - "name" : "20060622 RealVNC Remote Authentication Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml" - }, - { - "name" : "VU#117929", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/117929" - }, - { - "name" : "17978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17978" - }, - { - "name" : "8355", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8355" - }, - { - "name" : "ADV-2006-1821", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1821" - }, - { - "name" : "ADV-2006-1790", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1790" - }, - { - "name" : "ADV-2006-2492", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2492" - }, - { - "name" : "25479", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25479" - }, - { - "name" : "1016083", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016083" - }, - { - "name" : "20107", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20107" - }, - { - "name" : "20109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20109" - }, - { - "name" : "20789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20789" - }, - { - "name" : "realvnc-auth-bypass(26445)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as \"Type 1 - None\", which is accepted even if it is not offered by the server, as originally demonstrated using a long password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8355", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8355" + }, + { + "name": "ADV-2006-2492", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2492" + }, + { + "name": "20107", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20107" + }, + { + "name": "20060623 Linux VNC evil client patch - BID 17978", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438175/100/0/threaded" + }, + { + "name": "20060516 re: RealVNC 4.1.1 Remote Compromise", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434117/100/0/threaded" + }, + { + "name": "20060515 Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434015/100/0/threaded" + }, + { + "name": "20060515 RealVNC 4.1.1 Remote Compromise", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=114768344111131&w=2" + }, + { + "name": "http://www.realvnc.com/products/free/4.1/release-notes.html", + "refsource": "CONFIRM", + "url": "http://www.realvnc.com/products/free/4.1/release-notes.html" + }, + { + "name": "VU#117929", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/117929" + }, + { + "name": "20060624 Re: Linux VNC evil client patch - BID 17978", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438368/100/0/threaded" + }, + { + "name": "20060520 Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434560/100/0/threaded" + }, + { + "name": "http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html", + "refsource": "MISC", + "url": "http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html" + }, + { + "name": "1016083", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016083" + }, + { + "name": "ADV-2006-1821", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1821" + }, + { + "name": "http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html", + "refsource": "MISC", + "url": "http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html" + }, + { + "name": "realvnc-auth-bypass(26445)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26445" + }, + { + "name": "20060515 RealVNC 4.1.1 Remote Compromise", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433994/100/0/threaded" + }, + { + "name": "17978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17978" + }, + { + "name": "25479", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25479" + }, + { + "name": "20109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20109" + }, + { + "name": "20060622 RealVNC Remote Authentication Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml" + }, + { + "name": "[vnc-list] 20060513 Version 4.1.2", + "refsource": "MLIST", + "url": "http://marc.info/?l=vnc-list&m=114755444130188&w=2" + }, + { + "name": "ADV-2006-1790", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1790" + }, + { + "name": "20060518 RE: [Full-disclosure] RealVNC 4.1.1 Remote Compromise", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434518/100/0/threaded" + }, + { + "name": "20789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20789" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2615.json b/2006/2xxx/CVE-2006-2615.json index dc51d8481f7..d1dffef16cb 100644 --- a/2006/2xxx/CVE-2006-2615.json +++ b/2006/2xxx/CVE-2006-2615.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060522 Russcom Ping Remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434825/100/0/threaded" - }, - { - "name" : "18090", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18090" - }, - { - "name" : "ADV-2006-1938", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1938" - }, - { - "name" : "20236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20236" - }, - { - "name" : "956", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/956" - }, - { - "name" : "russcom-ping-piping-command-execution(26651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18090", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18090" + }, + { + "name": "956", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/956" + }, + { + "name": "20236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20236" + }, + { + "name": "ADV-2006-1938", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1938" + }, + { + "name": "russcom-ping-piping-command-execution(26651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26651" + }, + { + "name": "20060522 Russcom Ping Remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434825/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6070.json b/2006/6xxx/CVE-2006-6070.json index 6673e8d27ff..da5dd2d9235 100644 --- a/2006/6xxx/CVE-2006-6070.json +++ b/2006/6xxx/CVE-2006-6070.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061119 ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452103/100/0/threaded" - }, - { - "name" : "2813", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2813" - }, - { - "name" : "21195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21195" - }, - { - "name" : "1017255", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017255" - }, - { - "name" : "aspnuke-register-sql-injection(30397)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061119 ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452103/100/0/threaded" + }, + { + "name": "1017255", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017255" + }, + { + "name": "2813", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2813" + }, + { + "name": "aspnuke-register-sql-injection(30397)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30397" + }, + { + "name": "21195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21195" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6081.json b/2006/6xxx/CVE-2006-6081.json index 047318423e0..647dbc09ac3 100644 --- a/2006/6xxx/CVE-2006-6081.json +++ b/2006/6xxx/CVE-2006-6081.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in Smarty_Compiler.class.php in Telaen 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061119 Telaen <= 1.1.0 Remote File Include Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452086/100/100/threaded" - }, - { - "name" : "20061119 Telaen => 1.1.0 Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452139/100/0/threaded" - }, - { - "name" : "1904", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1904" - }, - { - "name" : "telaen-smartycompiler-file-include(30432)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in Smarty_Compiler.class.php in Telaen 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1904", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1904" + }, + { + "name": "20061119 Telaen => 1.1.0 Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452139/100/0/threaded" + }, + { + "name": "20061119 Telaen <= 1.1.0 Remote File Include Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452086/100/100/threaded" + }, + { + "name": "telaen-smartycompiler-file-include(30432)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30432" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6176.json b/2006/6xxx/CVE-2006-6176.json index 21400c949c2..6803a2df1e5 100644 --- a/2006/6xxx/CVE-2006-6176.json +++ b/2006/6xxx/CVE-2006-6176.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin.php in Blogn before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.blogn.org/index.php?e=66", - "refsource" : "CONFIRM", - "url" : "http://www.blogn.org/index.php?e=66" - }, - { - "name" : "JVN#21125043", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2321125043/index.html" - }, - { - "name" : "21347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21347" - }, - { - "name" : "ADV-2006-4768", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4768" - }, - { - "name" : "23126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23126" - }, - { - "name" : "blogn-admin-xss(30565)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30565" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin.php in Blogn before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23126" + }, + { + "name": "http://www.blogn.org/index.php?e=66", + "refsource": "CONFIRM", + "url": "http://www.blogn.org/index.php?e=66" + }, + { + "name": "blogn-admin-xss(30565)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30565" + }, + { + "name": "ADV-2006-4768", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4768" + }, + { + "name": "21347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21347" + }, + { + "name": "JVN#21125043", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2321125043/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6331.json b/2006/6xxx/CVE-2006-6331.json index 917eb3ab30c..b3363c19605 100644 --- a/2006/6xxx/CVE-2006-6331.json +++ b/2006/6xxx/CVE-2006-6331.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "metaInfo.php in TorrentFlux 2.2, when $cfg[\"enable_file_priority\"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/11_missed_security_fixes.dpatch?bug=400582;msg=71;att=1", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/11_missed_security_fixes.dpatch?bug=400582;msg=71;att=1" - }, - { - "name" : "23270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "metaInfo.php in TorrentFlux 2.2, when $cfg[\"enable_file_priority\"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi/11_missed_security_fixes.dpatch?bug=400582;msg=71;att=1", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/11_missed_security_fixes.dpatch?bug=400582;msg=71;att=1" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582" + }, + { + "name": "23270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23270" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6339.json b/2006/6xxx/CVE-2006-6339.json index 74150b68ffc..ec319632ec2 100644 --- a/2006/6xxx/CVE-2006-6339.json +++ b/2006/6xxx/CVE-2006-6339.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in sites/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to execute arbitrary SQL commands via the show element in a GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061201 deV!L`z Clanportal - SQL Injection [061124a]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453179/100/0/threaded" - }, - { - "name" : "21391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21391" - }, - { - "name" : "ADV-2006-4821", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4821" - }, - { - "name" : "23194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23194" - }, - { - "name" : "1984", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1984" - }, - { - "name" : "dzcp-show-sql-injection(30631)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in sites/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to execute arbitrary SQL commands via the show element in a GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4821", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4821" + }, + { + "name": "20061201 deV!L`z Clanportal - SQL Injection [061124a]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453179/100/0/threaded" + }, + { + "name": "21391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21391" + }, + { + "name": "1984", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1984" + }, + { + "name": "23194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23194" + }, + { + "name": "dzcp-show-sql-injection(30631)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30631" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0124.json b/2011/0xxx/CVE-2011-0124.json index ed2296b361a..66560a9ea05 100644 --- a/2011/0xxx/CVE-2011-0124.json +++ b/2011/0xxx/CVE-2011-0124.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4554", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4554" - }, - { - "name" : "http://support.apple.com/kb/HT4564", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4564" - }, - { - "name" : "http://support.apple.com/kb/HT4566", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4566" - }, - { - "name" : "APPLE-SA-2011-03-02-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-03-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" - }, - { - "name" : "APPLE-SA-2011-03-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:17280", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4564", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4564" + }, + { + "name": "http://support.apple.com/kb/HT4566", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4566" + }, + { + "name": "oval:org.mitre.oval:def:17280", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17280" + }, + { + "name": "APPLE-SA-2011-03-02-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" + }, + { + "name": "APPLE-SA-2011-03-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT4554", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4554" + }, + { + "name": "APPLE-SA-2011-03-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0227.json b/2011/0xxx/CVE-2011-0227.json index a90fb1cdfe0..79cbdd850e3 100644 --- a/2011/0xxx/CVE-2011-0227.json +++ b/2011/0xxx/CVE-2011-0227.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4802", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4802" - }, - { - "name" : "http://support.apple.com/kb/HT4803", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4803" - }, - { - "name" : "APPLE-SA-2011-07-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-07-15-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4803", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4803" + }, + { + "name": "APPLE-SA-2011-07-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html" + }, + { + "name": "APPLE-SA-2011-07-15-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT4802", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4802" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0569.json b/2011/0xxx/CVE-2011-0569.json index f6a90508aff..5ef40dafaa4 100644 --- a/2011/0xxx/CVE-2011-0569.json +++ b/2011/0xxx/CVE-2011-0569.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PFR1 chunk containing an invalid size value that leads to an unexpected sign extension and a buffer overflow, a different vulnerability than CVE-2011-0556." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110209 TPTI-11-05: Adobe Shockwave PFR1 Font Chunk Parsing Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516335/100/0/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-11-05", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-11-05" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html" - }, - { - "name" : "1025056", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025056" - }, - { - "name" : "ADV-2011-0335", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0335" - }, - { - "name" : "adobe-fontxtra-code-execution(65260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PFR1 chunk containing an invalid size value that leads to an unexpected sign extension and a buffer overflow, a different vulnerability than CVE-2011-0556." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0335", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0335" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html" + }, + { + "name": "20110209 TPTI-11-05: Adobe Shockwave PFR1 Font Chunk Parsing Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516335/100/0/threaded" + }, + { + "name": "1025056", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025056" + }, + { + "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-05", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-05" + }, + { + "name": "adobe-fontxtra-code-execution(65260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65260" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2432.json b/2011/2xxx/CVE-2011-2432.json index 7569bbee5d7..a87fea30c9a 100644 --- a/2011/2xxx/CVE-2011-2432.json +++ b/2011/2xxx/CVE-2011-2432.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-24.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-24.html" - }, - { - "name" : "SUSE-SA:2011:044", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html" - }, - { - "name" : "SUSE-SU-2011:1239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html" - }, - { - "name" : "openSUSE-SU-2011:1238", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html" - }, - { - "name" : "oval:org.mitre.oval:def:14031", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-24.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-24.html" + }, + { + "name": "SUSE-SU-2011:1239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html" + }, + { + "name": "SUSE-SA:2011:044", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html" + }, + { + "name": "openSUSE-SU-2011:1238", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html" + }, + { + "name": "oval:org.mitre.oval:def:14031", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14031" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2542.json b/2011/2xxx/CVE-2011-2542.json index 78ae9d4ae3a..1c684d44459 100644 --- a/2011/2xxx/CVE-2011-2542.json +++ b/2011/2xxx/CVE-2011-2542.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2542", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2542", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3094.json b/2011/3xxx/CVE-2011-3094.json index 6dfb126e0bb..8b1b153ba14 100644 --- a/2011/3xxx/CVE-2011-3094.json +++ b/2011/3xxx/CVE-2011-3094.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=122586", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=122586" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" - }, - { - "name" : "GLSA-201205-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201205-03.xml" - }, - { - "name" : "openSUSE-SU-2012:0656", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html" - }, - { - "name" : "53540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53540" - }, - { - "name" : "oval:org.mitre.oval:def:15233", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15233" - }, - { - "name" : "1027067", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027067" - }, - { - "name" : "chrome-tibetan-code-exec(75599)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201205-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201205-03.xml" + }, + { + "name": "openSUSE-SU-2012:0656", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html" + }, + { + "name": "1027067", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027067" + }, + { + "name": "oval:org.mitre.oval:def:15233", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15233" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" + }, + { + "name": "53540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53540" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=122586", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=122586" + }, + { + "name": "chrome-tibetan-code-exec(75599)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75599" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3516.json b/2011/3xxx/CVE-2011-3516.json index 75cd5171e61..241361ddb10 100644 --- a/2011/3xxx/CVE-2011-3516.json +++ b/2011/3xxx/CVE-2011-3516.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/alerts/", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/developerworks/java/jdk/alerts/" - }, - { - "name" : "HPSBUX02730", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" - }, - { - "name" : "SSRT100710", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2011:1384", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1384.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "SUSE-SU-2012:0114", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" - }, - { - "name" : "50229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50229" - }, - { - "name" : "oval:org.mitre.oval:def:14273", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14273" - }, - { - "name" : "1026215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026215" - }, - { - "name" : "48308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48308" - }, - { - "name" : "oracle-jre-deployment-unspec(70851)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "48308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48308" + }, + { + "name": "HPSBUX02730", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2" + }, + { + "name": "oracle-jre-deployment-unspec(70851)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70851" + }, + { + "name": "SUSE-SU-2012:0114", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "SSRT100710", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2" + }, + { + "name": "RHSA-2011:1384", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html" + }, + { + "name": "50229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50229" + }, + { + "name": "oval:org.mitre.oval:def:14273", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14273" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "1026215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026215" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "http://www.ibm.com/developerworks/java/jdk/alerts/", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3765.json b/2011/3xxx/CVE-2011-3765.json index 3841ca9fae5..b259ed96d98 100644 --- a/2011/3xxx/CVE-2011-3765.json +++ b/2011/3xxx/CVE-2011-3765.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8" - }, - { - "name" : "openrealty-upgrade115inc-path-disclosure(70607)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openrealty-upgrade115inc-path-disclosure(70607)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70607" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/open-realty-2.5.8" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3787.json b/2011/3xxx/CVE-2011-3787.json index 921d61c69ed..0112e4b5919 100644 --- a/2011/3xxx/CVE-2011-3787.json +++ b/2011/3xxx/CVE-2011-3787.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/schedule.template.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpScheduleIt_1.2.12", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpScheduleIt_1.2.12" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/schedule.template.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpScheduleIt_1.2.12", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpScheduleIt_1.2.12" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3988.json b/2011/3xxx/CVE-2011-3988.json index 8172521bb63..32d1c0cc4f8 100644 --- a/2011/3xxx/CVE-2011-3988.json +++ b/2011/3xxx/CVE-2011-3988.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-3988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.ec-cube.net/open_trac/ticket/1502", - "refsource" : "CONFIRM", - "url" : "http://svn.ec-cube.net/open_trac/ticket/1502" - }, - { - "name" : "http://www.ec-cube.net/info/weakness/weakness.php?id=38", - "refsource" : "CONFIRM", - "url" : "http://www.ec-cube.net/info/weakness/weakness.php?id=38" - }, - { - "name" : "http://www.ec-cube.net/release/detail.php?release_id=286", - "refsource" : "CONFIRM", - "url" : "http://www.ec-cube.net/release/detail.php?release_id=286" - }, - { - "name" : "JVN#44496332", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN44496332/index.html" - }, - { - "name" : "JVNDB-2011-000087", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000087.html" - }, - { - "name" : "50140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50140" - }, - { - "name" : "76399", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76399" - }, - { - "name" : "46446", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46446" - }, - { - "name" : "eccube-scquery-sql-injection(70625)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.ec-cube.net/open_trac/ticket/1502", + "refsource": "CONFIRM", + "url": "http://svn.ec-cube.net/open_trac/ticket/1502" + }, + { + "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=38", + "refsource": "CONFIRM", + "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=38" + }, + { + "name": "eccube-scquery-sql-injection(70625)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70625" + }, + { + "name": "50140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50140" + }, + { + "name": "JVNDB-2011-000087", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000087.html" + }, + { + "name": "http://www.ec-cube.net/release/detail.php?release_id=286", + "refsource": "CONFIRM", + "url": "http://www.ec-cube.net/release/detail.php?release_id=286" + }, + { + "name": "JVN#44496332", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN44496332/index.html" + }, + { + "name": "76399", + "refsource": "OSVDB", + "url": "http://osvdb.org/76399" + }, + { + "name": "46446", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46446" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4081.json b/2011/4xxx/CVE-2011-4081.json index 25a21d454bc..48a6e140aae 100644 --- a/2011/4xxx/CVE-2011-4081.json +++ b/2011/4xxx/CVE-2011-4081.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111027 Re: CVE request: kernel: crypto: ghash: null pointer deref if no key is set", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/10/27/2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=749475", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=749475" - }, - { - "name" : "https://github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74c", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111027 Re: CVE request: kernel: crypto: ghash: null pointer deref if no key is set", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/10/27/2" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=749475", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=749475" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" + }, + { + "name": "https://github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74c", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/7ed47b7d142ec99ad6880bbbec51e9f12b3af74c" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4497.json b/2011/4xxx/CVE-2011-4497.json index 40818a6c758..8e370a1654c 100644 --- a/2011/4xxx/CVE-2011-4497.json +++ b/2011/4xxx/CVE-2011-4497.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#200814", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/200814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#200814", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/200814" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4715.json b/2011/4xxx/CVE-2011-4715.json index 5205e74ffe4..d9243616db1 100644 --- a/2011/4xxx/CVE-2011-4715.json +++ b/2011/4xxx/CVE-2011-4715.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18153", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18153" - }, - { - "name" : "http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153", - "refsource" : "MISC", - "url" : "http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153" - }, - { - "name" : "http://koha-community.org/koha-3-4-7/#more-2971", - "refsource" : "CONFIRM", - "url" : "http://koha-community.org/koha-3-4-7/#more-2971" - }, - { - "name" : "http://koha-community.org/koha-3-6-1/#more-2929", - "refsource" : "CONFIRM", - "url" : "http://koha-community.org/koha-3-6-1/#more-2929" - }, - { - "name" : "https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm", - "refsource" : "CONFIRM", - "url" : "https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm" - }, - { - "name" : "50812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50812" - }, - { - "name" : "77322", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77322" - }, - { - "name" : "46980", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46980" - }, - { - "name" : "liblimekoha-opacmain-file-include(71478)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50812" + }, + { + "name": "http://koha-community.org/koha-3-6-1/#more-2929", + "refsource": "CONFIRM", + "url": "http://koha-community.org/koha-3-6-1/#more-2929" + }, + { + "name": "http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153", + "refsource": "MISC", + "url": "http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153" + }, + { + "name": "18153", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18153" + }, + { + "name": "http://koha-community.org/koha-3-4-7/#more-2971", + "refsource": "CONFIRM", + "url": "http://koha-community.org/koha-3-4-7/#more-2971" + }, + { + "name": "77322", + "refsource": "OSVDB", + "url": "http://osvdb.org/77322" + }, + { + "name": "46980", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46980" + }, + { + "name": "https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm", + "refsource": "CONFIRM", + "url": "https://github.com/liblime/LibLime-Koha/commit/8ea6f7bc37d05a9ec25b5afbea011cf9de5f1e49#C4/Output.pm" + }, + { + "name": "liblimekoha-opacmain-file-include(71478)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71478" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4796.json b/2011/4xxx/CVE-2011-4796.json index 19503855a7b..a88f91f7405 100644 --- a/2011/4xxx/CVE-2011-4796.json +++ b/2011/4xxx/CVE-2011-4796.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4796", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4796", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4868.json b/2011/4xxx/CVE-2011-4868.json index fad37ff4c14..19b07ff7d98 100644 --- a/2011/4xxx/CVE-2011-4868.json +++ b/2011/4xxx/CVE-2011-4868.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://deepthought.isc.org/article/AA-00595", - "refsource" : "CONFIRM", - "url" : "https://deepthought.isc.org/article/AA-00595" - }, - { - "name" : "https://www.isc.org/software/dhcp/advisories/cve-2011-4868", - "refsource" : "CONFIRM", - "url" : "https://www.isc.org/software/dhcp/advisories/cve-2011-4868" - }, - { - "name" : "https://kb.isc.org/article/AA-00705", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/article/AA-00705" - }, - { - "name" : "GLSA-201301-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201301-06.xml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.isc.org/article/AA-00705", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/article/AA-00705" + }, + { + "name": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868", + "refsource": "CONFIRM", + "url": "https://www.isc.org/software/dhcp/advisories/cve-2011-4868" + }, + { + "name": "https://deepthought.isc.org/article/AA-00595", + "refsource": "CONFIRM", + "url": "https://deepthought.isc.org/article/AA-00595" + }, + { + "name": "GLSA-201301-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4986.json b/2011/4xxx/CVE-2011-4986.json index 343927d4874..e789f0da2cc 100644 --- a/2011/4xxx/CVE-2011-4986.json +++ b/2011/4xxx/CVE-2011-4986.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4986", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4986", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0070.json b/2013/0xxx/CVE-2013-0070.json index a400523670c..737bb8a6485 100644 --- a/2013/0xxx/CVE-2013-0070.json +++ b/2013/0xxx/CVE-2013-0070.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0070", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-0070", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1050.json b/2013/1xxx/CVE-2013-1050.json index 969c1ec4826..1bf014faa39 100644 --- a/2013/1xxx/CVE-2013-1050.json +++ b/2013/1xxx/CVE-2013-1050.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2013-1050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=683060", - "refsource" : "MISC", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=683060" - }, - { - "name" : "https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4", - "refsource" : "MISC", - "url" : "https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4" - }, - { - "name" : "USN-1716-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1716-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/1120126" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=683060", + "refsource": "MISC", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=683060" + }, + { + "name": "https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4", + "refsource": "MISC", + "url": "https://git.gnome.org/browse/gnome-screensaver/commit/?id=1940dc6bc8ad5ee2c029714efb1276c05ca80bd4" + }, + { + "name": "USN-1716-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1716-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1171.json b/2013/1xxx/CVE-2013-1171.json index 03defc22cb2..62cc860c592 100644 --- a/2013/1xxx/CVE-2013-1171.json +++ b/2013/1xxx/CVE-2013-1171.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the element-list implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCue14517, CSCue38914, CSCue38884, CSCue38882, CSCue38881, CSCue38872, CSCue38868, CSCue38866, CSCue38853, and CSCue14540." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130401 Cisco Connected Grid Network Management System Cross-Site Scripting Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the element-list implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCue14517, CSCue38914, CSCue38884, CSCue38882, CSCue38881, CSCue38872, CSCue38868, CSCue38866, CSCue38853, and CSCue14540." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130401 Cisco Connected Grid Network Management System Cross-Site Scripting Vulnerabilities", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1171" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1613.json b/2013/1xxx/CVE-2013-1613.json index 2fd7214b6e0..cc621f757f0 100644 --- a/2013/1xxx/CVE-2013-1613.json +++ b/2013/1xxx/CVE-2013-1613.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2013-1613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00" - }, - { - "name" : "60796", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130701_00" + }, + { + "name": "60796", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60796" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1792.json b/2013/1xxx/CVE-2013-1792.json index 47b85f5f711..7771deecabd 100644 --- a/2013/1xxx/CVE-2013-1792.json +++ b/2013/1xxx/CVE-2013-1792.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130307 CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings()", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/03/07/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0da9dfdd2cd9889201bc6f6f43580c99165cd087", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0da9dfdd2cd9889201bc6f6f43580c99165cd087" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=916646", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=916646" - }, - { - "name" : "https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087" - }, - { - "name" : "MDVSA-2013:176", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" - }, - { - "name" : "RHSA-2013:0744", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0744.html" - }, - { - "name" : "openSUSE-SU-2013:1187", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html" - }, - { - "name" : "openSUSE-SU-2014:0204", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html" - }, - { - "name" : "USN-1787-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1787-1" - }, - { - "name" : "USN-1788-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1788-1" - }, - { - "name" : "USN-1792-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1792-1" - }, - { - "name" : "USN-1798-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1798-1" - }, - { - "name" : "USN-1793-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1793-1" - }, - { - "name" : "USN-1794-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1794-1" - }, - { - "name" : "USN-1795-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1795-1" - }, - { - "name" : "USN-1796-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1796-1" - }, - { - "name" : "USN-1797-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1797-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1796-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1796-1" + }, + { + "name": "openSUSE-SU-2013:1187", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/0da9dfdd2cd9889201bc6f6f43580c99165cd087" + }, + { + "name": "MDVSA-2013:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" + }, + { + "name": "USN-1797-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1797-1" + }, + { + "name": "USN-1788-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1788-1" + }, + { + "name": "[oss-security] 20130307 CVE-2013-1792 Linux kernel: KEYS: race with concurrent install_user_keyrings()", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/03/07/1" + }, + { + "name": "USN-1793-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1793-1" + }, + { + "name": "USN-1792-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1792-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0da9dfdd2cd9889201bc6f6f43580c99165cd087", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0da9dfdd2cd9889201bc6f6f43580c99165cd087" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=916646", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916646" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.3" + }, + { + "name": "USN-1794-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1794-1" + }, + { + "name": "RHSA-2013:0744", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html" + }, + { + "name": "USN-1795-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1795-1" + }, + { + "name": "USN-1787-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1787-1" + }, + { + "name": "openSUSE-SU-2014:0204", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html" + }, + { + "name": "USN-1798-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1798-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5083.json b/2013/5xxx/CVE-2013-5083.json index b4dc540aae5..447096a4c9f 100644 --- a/2013/5xxx/CVE-2013-5083.json +++ b/2013/5xxx/CVE-2013-5083.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5083", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5083", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5470.json b/2013/5xxx/CVE-2013-5470.json index 3bf72d368da..d4c66125ec2 100644 --- a/2013/5xxx/CVE-2013-5470.json +++ b/2013/5xxx/CVE-2013-5470.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130903 Cisco Secure Access Control System Malformed Packet Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5470" - }, - { - "name" : "62145", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62145" - }, - { - "name" : "96822", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/96822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130903 Cisco Secure Access Control System Malformed Packet Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5470" + }, + { + "name": "96822", + "refsource": "OSVDB", + "url": "http://osvdb.org/96822" + }, + { + "name": "62145", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62145" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5504.json b/2013/5xxx/CVE-2013-5504.json index 6c6e139fd1d..4c339da129e 100644 --- a/2013/5xxx/CVE-2013-5504.json +++ b/2013/5xxx/CVE-2013-5504.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31007", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31007" - }, - { - "name" : "20130927 Cisco Identity Services Engine Mobile Device Management Portal Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5504" - }, - { - "name" : "62694", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62694" - }, - { - "name" : "97877", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97877" - }, - { - "name" : "1029110", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029110" - }, - { - "name" : "cisco-ise-cve20135504-xss(87531)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029110", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029110" + }, + { + "name": "97877", + "refsource": "OSVDB", + "url": "http://osvdb.org/97877" + }, + { + "name": "20130927 Cisco Identity Services Engine Mobile Device Management Portal Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5504" + }, + { + "name": "cisco-ise-cve20135504-xss(87531)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87531" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31007", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31007" + }, + { + "name": "62694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62694" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5717.json b/2013/5xxx/CVE-2013-5717.json index 85e1ca4ee5f..e9e9f9a40bf 100644 --- a/2013/5xxx/CVE-2013-5717.json +++ b/2013/5xxx/CVE-2013-5717.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51130", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51130" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8827", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8827" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2013-54.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2013-54.html" - }, - { - "name" : "oval:org.mitre.oval:def:19030", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51130", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51130" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2013-54.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2013-54.html" + }, + { + "name": "oval:org.mitre.oval:def:19030", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19030" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8827", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8827" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2052.json b/2014/2xxx/CVE-2014-2052.json index 2080fbe0312..0121153c4fa 100644 --- a/2014/2xxx/CVE-2014-2052.json +++ b/2014/2xxx/CVE-2014-2052.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2052", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2052", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2158.json b/2014/2xxx/CVE-2014-2158.json index f0aa4c13b78..8fc88cb7c57 100644 --- a/2014/2xxx/CVE-2014-2158.json +++ b/2014/2xxx/CVE-2014-2158.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2303.json b/2014/2xxx/CVE-2014-2303.json index 16e0eaca8ac..b498d1621a1 100644 --- a/2014/2xxx/CVE-2014-2303.json +++ b/2014/2xxx/CVE-2014-2303.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532231/100/0/threaded" - }, - { - "name" : "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/May/148" - }, - { - "name" : "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht", - "refsource" : "MISC", - "url" : "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht" - }, - { - "name" : "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser", - "refsource" : "MISC", - "url" : "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser" - }, - { - "name" : "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html" - }, - { - "name" : "67689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532231/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html" + }, + { + "name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/May/148" + }, + { + "name": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser", + "refsource": "MISC", + "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser" + }, + { + "name": "67689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67689" + }, + { + "name": "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht", + "refsource": "MISC", + "url": "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2353.json b/2014/2xxx/CVE-2014-2353.json index d1d595fe3f5..a3599c7cc07 100644 --- a/2014/2xxx/CVE-2014-2353.json +++ b/2014/2xxx/CVE-2014-2353.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-2353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2432.json b/2014/2xxx/CVE-2014-2432.json index 6afb7928074..045eb5af34a 100644 --- a/2014/2xxx/CVE-2014-2432.json +++ b/2014/2xxx/CVE-2014-2432.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "GLSA-201409-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" - }, - { - "name" : "RHSA-2014:0522", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0522.html" - }, - { - "name" : "RHSA-2014:0536", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0536.html" - }, - { - "name" : "RHSA-2014:0537", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0537.html" - }, - { - "name" : "RHSA-2014:0702", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0702.html" - }, - { - "name" : "66875", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0536", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0536.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "RHSA-2014:0522", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0522.html" + }, + { + "name": "66875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66875" + }, + { + "name": "RHSA-2014:0537", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0537.html" + }, + { + "name": "RHSA-2014:0702", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0702.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + }, + { + "name": "GLSA-201409-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201409-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2578.json b/2014/2xxx/CVE-2014-2578.json index 3b61913fbea..6472a842f39 100644 --- a/2014/2xxx/CVE-2014-2578.json +++ b/2014/2xxx/CVE-2014-2578.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.splunk.com/view/SP-CAAAKQX", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAKQX" - }, - { - "name" : "66453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66453" - }, - { - "name" : "1029966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029966" - }, - { - "name" : "57554", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57554" - }, - { - "name" : "splunk-cve20142578-xss(92126)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66453" + }, + { + "name": "http://www.splunk.com/view/SP-CAAAKQX", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAKQX" + }, + { + "name": "1029966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029966" + }, + { + "name": "57554", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57554" + }, + { + "name": "splunk-cve20142578-xss(92126)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92126" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2901.json b/2014/2xxx/CVE-2014-2901.json index e337ae23da3..ead577dad70 100644 --- a/2014/2xxx/CVE-2014-2901.json +++ b/2014/2xxx/CVE-2014-2901.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2901", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2901", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6082.json b/2014/6xxx/CVE-2014-6082.json index b1bff34e29a..bd1f26845bf 100644 --- a/2014/6xxx/CVE-2014-6082.json +++ b/2014/6xxx/CVE-2014-6082.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (administration UI outage) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684475", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684475" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21691601", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21691601" - }, - { - "name" : "IV67358", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358" - }, - { - "name" : "IV67581", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581" - }, - { - "name" : "61945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61945" - }, - { - "name" : "ibm-sam-cve20146082-dos(95809)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (administration UI outage) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684475", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684475" + }, + { + "name": "61945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61945" + }, + { + "name": "IV67358", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21691601", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691601" + }, + { + "name": "IV67581", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581" + }, + { + "name": "ibm-sam-cve20146082-dos(95809)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95809" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0496.json b/2017/0xxx/CVE-2017-0496.json index b32216ddf1d..4ecd7565ef5 100644 --- a/2017/0xxx/CVE-2017-0496.json +++ b/2017/0xxx/CVE-2017-0496.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-31554152." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96788" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-31554152." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96788" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0688.json b/2017/0xxx/CVE-2017-0688.json index 7afa799cd91..7cdeede50d9 100644 --- a/2017/0xxx/CVE-2017-0688.json +++ b/2017/0xxx/CVE-2017-0688.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-07-05T00:00:00", - "ID" : "CVE-2017-0688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35584425." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-07-05T00:00:00", + "ID": "CVE-2017-0688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35584425." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99478" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0760.json b/2017/0xxx/CVE-2017-0760.json index 57eb3cb656a..206a9e80928 100644 --- a/2017/0xxx/CVE-2017-0760.json +++ b/2017/0xxx/CVE-2017-0760.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100649" + }, + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0938.json b/2017/0xxx/CVE-2017-0938.json index 58a6bfa993e..0470d4417b2 100644 --- a/2017/0xxx/CVE-2017-0938.json +++ b/2017/0xxx/CVE-2017-0938.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2019-02-06T00:00:00", - "ID" : "CVE-2017-0938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "airMAX, EdgeMAX", - "version" : { - "version_data" : [ - { - "version_value" : "airMAX < 8.3.2, airMAX < 6.0.7, EdgeRouter < v1.9.7" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service (CWE-400)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2019-02-06T00:00:00", + "ID": "CVE-2017-0938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "airMAX, EdgeMAX", + "version": { + "version_data": [ + { + "version_value": "airMAX < 8.3.2, airMAX < 6.0.7, EdgeRouter < v1.9.7" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522", - "refsource" : "MISC", - "url" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522" - }, - { - "name" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215", - "refsource" : "MISC", - "url" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215" - }, - { - "name" : "https://hackerone.com/reports/221625", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/221625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522", + "refsource": "MISC", + "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522" + }, + { + "name": "https://hackerone.com/reports/221625", + "refsource": "MISC", + "url": "https://hackerone.com/reports/221625" + }, + { + "name": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215", + "refsource": "MISC", + "url": "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0972.json b/2017/0xxx/CVE-2017-0972.json index e24bb78c2a1..8be0ec0f0e3 100644 --- a/2017/0xxx/CVE-2017-0972.json +++ b/2017/0xxx/CVE-2017-0972.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0972", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0972", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000152.json b/2017/1000xxx/CVE-2017-1000152.json index fbfbd5a0f95..1640176b829 100644 --- a/2017/1000xxx/CVE-2017-1000152.json +++ b/2017/1000xxx/CVE-2017-1000152.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.363215", - "ID" : "CVE-2017-1000152", - "REQUESTER" : "info@mahara.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mahara", - "version" : { - "version_data" : [ - { - "version_value" : "<15.04.7, <15.10.3, running PHP 5.3" - } - ] - } - } - ] - }, - "vendor_name" : "Mahara" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Sessions" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.363215", + "ID": "CVE-2017-1000152", + "REQUESTER": "info@mahara.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/mahara/+bug/1570744", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/mahara/+bug/1570744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/mahara/+bug/1570744", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/mahara/+bug/1570744" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000408.json b/2017/1000xxx/CVE-2017-1000408.json index f0ac85b60e2..a6a8424b644 100644 --- a/2017/1000xxx/CVE-2017-1000408.json +++ b/2017/1000xxx/CVE-2017-1000408.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-05", - "ID" : "CVE-2017-1000408", - "REQUESTER" : "qsa@qualys.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "glibc", - "version" : { - "version_data" : [ - { - "version_value" : "glibc with commit ab7eb292307152e706948a7b19164ff5e6d593d4 and later" - } - ] - } - } - ] - }, - "vendor_name" : "glibc" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-05", + "ID": "CVE-2017-1000408", + "REQUESTER": "qsa@qualys.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43331", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43331/" - }, - { - "name" : "[oss-security] 20171211 Qualys Security Advisory - Buffer overflow in glibc's ld.so", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2017/q4/385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43331", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43331/" + }, + { + "name": "[oss-security] 20171211 Qualys Security Advisory - Buffer overflow in glibc's ld.so", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2017/q4/385" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000439.json b/2017/1000xxx/CVE-2017-1000439.json index a0b2a4a3949..7dcbbb66538 100644 --- a/2017/1000xxx/CVE-2017-1000439.json +++ b/2017/1000xxx/CVE-2017-1000439.json @@ -1,21 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000439", - "REQUESTER" : "au1ge.xyz@gmail.com", - "STATE" : "REJECT", - "STATE_DETAIL" : "DUPLICATE of CVE-2017-14601" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14601. Reason: This candidate is a reservation duplicate of CVE-2017-14601. Notes: All CVE users should reference CVE-2017-14601 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1000439", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14601. Reason: This candidate is a reservation duplicate of CVE-2017-14601. Notes: All CVE users should reference CVE-2017-14601 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16008.json b/2017/16xxx/CVE-2017-16008.json index ed3deb84426..0559258b34a 100644 --- a/2017/16xxx/CVE-2017-16008.json +++ b/2017/16xxx/CVE-2017-16008.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "i18next node module", - "version" : { - "version_data" : [ - { - "version_value" : "<=1.10.2" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting (XSS) - Generic (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "i18next node module", + "version": { + "version_data": [ + { + "version_value": "<=1.10.2" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/i18next/i18next/pull/443", - "refsource" : "MISC", - "url" : "https://github.com/i18next/i18next/pull/443" - }, - { - "name" : "https://nodesecurity.io/advisories/325", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Generic (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/325", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/325" + }, + { + "name": "https://github.com/i18next/i18next/pull/443", + "refsource": "MISC", + "url": "https://github.com/i18next/i18next/pull/443" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16237.json b/2017/16xxx/CVE-2017-16237.json index 4f4ca15ec6c..23125a7fdc3 100644 --- a/2017/16xxx/CVE-2017-16237.json +++ b/2017/16xxx/CVE-2017-16237.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43109", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43109/" - }, - { - "name" : "101851", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101851", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101851" + }, + { + "name": "43109", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43109/" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16748.json b/2017/16xxx/CVE-2017-16748.json index 4745443b899..3439fe8c357 100644 --- a/2017/16xxx/CVE-2017-16748.json +++ b/2017/16xxx/CVE-2017-16748.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-08-16T00:00:00", - "ID" : "CVE-2017-16748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Niagara AX Framework and Niagara 4 Framework", - "version" : { - "version_data" : [ - { - "version_value" : "Niagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER AUTHENTICATION CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-08-16T00:00:00", + "ID": "CVE-2017-16748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Niagara AX Framework and Niagara 4 Framework", + "version": { + "version_data": [ + { + "version_value": "Niagara AX Framework Versions 3.8 and prior and Niagara 4 Framework Versions 4.4 and prior" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03" - }, - { - "name" : "105101", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER AUTHENTICATION CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105101", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105101" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-03" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1076.json b/2017/1xxx/CVE-2017-1076.json index cbc1cd8fa50..92433c9f6ae 100644 --- a/2017/1xxx/CVE-2017-1076.json +++ b/2017/1xxx/CVE-2017-1076.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1076", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1076", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1321.json b/2017/1xxx/CVE-2017-1321.json index 07e4da296ce..1344c8b2c94 100644 --- a/2017/1xxx/CVE-2017-1321.json +++ b/2017/1xxx/CVE-2017-1321.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-10T00:00:00", - "ID" : "CVE-2017-1321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "InfoSphere Information Server", - "version" : { - "version_data" : [ - { - "version_value" : "9.1" - }, - { - "version_value" : "11.3" - }, - { - "version_value" : "11.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-10T00:00:00", + "ID": "CVE-2017-1321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "9.1" + }, + { + "version_value": "11.3" + }, + { + "version_value": "11.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125916", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125916" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22004729", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22004729" - }, - { - "name" : "99537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22004729", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22004729" + }, + { + "name": "99537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99537" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125916", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125916" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1370.json b/2017/1xxx/CVE-2017-1370.json index bb681dd5f2b..2da74982ffe 100644 --- a/2017/1xxx/CVE-2017-1370.json +++ b/2017/1xxx/CVE-2017-1370.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-21T00:00:00", - "ID" : "CVE-2017-1370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jazz Reporting Service", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-21T00:00:00", + "ID": "CVE-2017-1370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jazz Reporting Service", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126863", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126863" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22005868", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22005868" - }, - { - "name" : "99954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99954" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22005868", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22005868" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126863", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126863" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1932.json b/2017/1xxx/CVE-2017-1932.json index a2c994d7e11..b3e585deabc 100644 --- a/2017/1xxx/CVE-2017-1932.json +++ b/2017/1xxx/CVE-2017-1932.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1932", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1932", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1997.json b/2017/1xxx/CVE-2017-1997.json index 06cce84f6a3..f59c577b3d1 100644 --- a/2017/1xxx/CVE-2017-1997.json +++ b/2017/1xxx/CVE-2017-1997.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1997", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1997", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4325.json b/2017/4xxx/CVE-2017-4325.json index afaf1a70ec5..462c1732f35 100644 --- a/2017/4xxx/CVE-2017-4325.json +++ b/2017/4xxx/CVE-2017-4325.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4325", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4325", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4510.json b/2017/4xxx/CVE-2017-4510.json index 032e0fe0a91..2a128e17db7 100644 --- a/2017/4xxx/CVE-2017-4510.json +++ b/2017/4xxx/CVE-2017-4510.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4510", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4510", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4704.json b/2017/4xxx/CVE-2017-4704.json index 767ff4a33c2..225918852c1 100644 --- a/2017/4xxx/CVE-2017-4704.json +++ b/2017/4xxx/CVE-2017-4704.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4704", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4704", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4744.json b/2017/4xxx/CVE-2017-4744.json index a7f5a75f48a..40d8daddd67 100644 --- a/2017/4xxx/CVE-2017-4744.json +++ b/2017/4xxx/CVE-2017-4744.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4744", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4744", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file