From 5156535678c1807a211709e2328ee3b97a45fe0d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:12:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0133.json | 150 ++++++------- 2006/0xxx/CVE-2006-0270.json | 230 ++++++++++---------- 2006/0xxx/CVE-2006-0692.json | 180 ++++++++-------- 2006/1xxx/CVE-2006-1453.json | 260 +++++++++++------------ 2006/1xxx/CVE-2006-1669.json | 160 +++++++------- 2006/3xxx/CVE-2006-3256.json | 150 ++++++------- 2006/3xxx/CVE-2006-3445.json | 220 ++++++++++---------- 2006/3xxx/CVE-2006-3501.json | 190 ++++++++--------- 2006/4xxx/CVE-2006-4092.json | 170 +++++++-------- 2006/4xxx/CVE-2006-4267.json | 250 +++++++++++----------- 2006/4xxx/CVE-2006-4311.json | 170 +++++++-------- 2006/4xxx/CVE-2006-4688.json | 200 +++++++++--------- 2006/4xxx/CVE-2006-4696.json | 200 +++++++++--------- 2006/4xxx/CVE-2006-4955.json | 160 +++++++------- 2010/2xxx/CVE-2010-2046.json | 160 +++++++------- 2010/2xxx/CVE-2010-2714.json | 150 ++++++------- 2010/2xxx/CVE-2010-2869.json | 160 +++++++------- 2010/3xxx/CVE-2010-3185.json | 34 +-- 2010/3xxx/CVE-2010-3244.json | 130 ++++++------ 2010/3xxx/CVE-2010-3277.json | 160 +++++++------- 2010/4xxx/CVE-2010-4229.json | 200 +++++++++--------- 2011/0xxx/CVE-2011-0249.json | 150 ++++++------- 2011/1xxx/CVE-2011-1641.json | 34 +-- 2011/1xxx/CVE-2011-1709.json | 200 +++++++++--------- 2011/1xxx/CVE-2011-1760.json | 260 +++++++++++------------ 2011/1xxx/CVE-2011-1980.json | 140 ++++++------- 2011/5xxx/CVE-2011-5121.json | 120 +++++------ 2014/3xxx/CVE-2014-3030.json | 34 +-- 2014/3xxx/CVE-2014-3273.json | 130 ++++++------ 2014/3xxx/CVE-2014-3311.json | 150 ++++++------- 2014/3xxx/CVE-2014-3467.json | 350 +++++++++++++++---------------- 2014/3xxx/CVE-2014-3497.json | 180 ++++++++-------- 2014/3xxx/CVE-2014-3542.json | 140 ++++++------- 2014/3xxx/CVE-2014-3701.json | 34 +-- 2014/3xxx/CVE-2014-3791.json | 160 +++++++------- 2014/6xxx/CVE-2014-6183.json | 130 ++++++------ 2014/6xxx/CVE-2014-6795.json | 140 ++++++------- 2014/6xxx/CVE-2014-6872.json | 140 ++++++------- 2014/7xxx/CVE-2014-7023.json | 140 ++++++------- 2014/7xxx/CVE-2014-7604.json | 140 ++++++------- 2014/7xxx/CVE-2014-7699.json | 34 +-- 2014/7xxx/CVE-2014-7938.json | 220 ++++++++++---------- 2014/8xxx/CVE-2014-8220.json | 34 +-- 2014/8xxx/CVE-2014-8483.json | 220 ++++++++++---------- 2014/8xxx/CVE-2014-8530.json | 120 +++++------ 2014/8xxx/CVE-2014-8648.json | 34 +-- 2014/9xxx/CVE-2014-9388.json | 160 +++++++------- 2016/2xxx/CVE-2016-2155.json | 150 ++++++------- 2016/2xxx/CVE-2016-2605.json | 34 +-- 2016/2xxx/CVE-2016-2651.json | 34 +-- 2016/2xxx/CVE-2016-2797.json | 370 ++++++++++++++++----------------- 2016/2xxx/CVE-2016-2896.json | 34 +-- 2016/6xxx/CVE-2016-6022.json | 226 ++++++++++---------- 2017/18xxx/CVE-2017-18348.json | 140 ++++++------- 2017/5xxx/CVE-2017-5144.json | 130 ++++++------ 2017/5xxx/CVE-2017-5448.json | 232 ++++++++++----------- 2017/5xxx/CVE-2017-5462.json | 264 +++++++++++------------ 2017/5xxx/CVE-2017-5630.json | 140 ++++++------- 2017/5xxx/CVE-2017-5717.json | 132 ++++++------ 59 files changed, 4582 insertions(+), 4582 deletions(-) diff --git a/2006/0xxx/CVE-2006-0133.json b/2006/0xxx/CVE-2006-0133.json index 8bca7c96c3d..48caf318ba6 100644 --- a/2006/0xxx/CVE-2006-0133.json +++ b/2006/0xxx/CVE-2006-0133.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a different vulnerability than CVE-2005-4273." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060101 [xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420589/100/0/threaded" - }, - { - "name" : "16102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16102" - }, - { - "name" : "16103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16103" - }, - { - "name" : "1015429", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a different vulnerability than CVE-2005-4273." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015429", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015429" + }, + { + "name": "16102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16102" + }, + { + "name": "16103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16103" + }, + { + "name": "20060101 [xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420589/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0270.json b/2006/0xxx/CVE-2006-0270.json index 753296b30a4..97ee8abda66 100644 --- a/2006/0xxx/CVE-2006-0270.json +++ b/2006/0xxx/CVE-2006-0270.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060117 Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/422262/30/7400/threaded" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_tde_unencrypted_sga.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_tde_unencrypted_sga.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" - }, - { - "name" : "VU#545804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/545804" - }, - { - "name" : "16287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16287" - }, - { - "name" : "ADV-2006-0243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0243" - }, - { - "name" : "ADV-2006-0323", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0323" - }, - { - "name" : "1015499", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015499" - }, - { - "name" : "18493", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18493" - }, - { - "name" : "18608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18608" - }, - { - "name" : "oracle-january2006-update(24321)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" - }, - { - "name" : "oracle-sga-masterkey-plaintext(24186)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-sga-masterkey-plaintext(24186)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24186" + }, + { + "name": "oracle-january2006-update(24321)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" + }, + { + "name": "18493", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18493" + }, + { + "name": "ADV-2006-0323", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0323" + }, + { + "name": "16287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16287" + }, + { + "name": "VU#545804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/545804" + }, + { + "name": "1015499", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015499" + }, + { + "name": "ADV-2006-0243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0243" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" + }, + { + "name": "18608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18608" + }, + { + "name": "20060117 Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/422262/30/7400/threaded" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_tde_unencrypted_sga.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_tde_unencrypted_sga.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0692.json b/2006/0xxx/CVE-2006-0692.json index ad90556535a..566b8812d30 100644 --- a/2006/0xxx/CVE-2006-0692.json +++ b/2006/0xxx/CVE-2006-0692.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060217 [eVuln] PHP/MYSQL Timesheet Multiple SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425316/100/0/threaded" - }, - { - "name" : "http://www.evuln.com/vulns/67/summary.html", - "refsource" : "MISC", - "url" : "http://www.evuln.com/vulns/67/summary.html" - }, - { - "name" : "16620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16620" - }, - { - "name" : "ADV-2006-0522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0522" - }, - { - "name" : "18822", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18822" - }, - { - "name" : "451", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/451" - }, - { - "name" : "phpmysqltimesheet-multiple-sql-injection(24567)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16620" + }, + { + "name": "ADV-2006-0522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0522" + }, + { + "name": "18822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18822" + }, + { + "name": "451", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/451" + }, + { + "name": "20060217 [eVuln] PHP/MYSQL Timesheet Multiple SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425316/100/0/threaded" + }, + { + "name": "http://www.evuln.com/vulns/67/summary.html", + "refsource": "MISC", + "url": "http://www.evuln.com/vulns/67/summary.html" + }, + { + "name": "phpmysqltimesheet-multiple-sql-injection(24567)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24567" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1453.json b/2006/1xxx/CVE-2006-1453.json index 942cfed174c..47854dd881b 100644 --- a/2006/1xxx/CVE-2006-1453.json +++ b/2006/1xxx/CVE-2006-1453.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file containing malformed font information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433831/100/0/threaded" - }, - { - "name" : "APPLE-SA-2006-05-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html" - }, - { - "name" : "APPLE-SA-2006-05-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" - }, - { - "name" : "TA06-132A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" - }, - { - "name" : "TA06-132B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-132B.html" - }, - { - "name" : "17953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17953" - }, - { - "name" : "17951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17951" - }, - { - "name" : "ADV-2006-1778", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1778" - }, - { - "name" : "ADV-2006-1779", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1779" - }, - { - "name" : "1016067", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016067" - }, - { - "name" : "1016075", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016075" - }, - { - "name" : "20069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20069" - }, - { - "name" : "20077", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20077" - }, - { - "name" : "887", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/887" - }, - { - "name" : "quicktime-pict-font-bo(26400)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file containing malformed font information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17951" + }, + { + "name": "20069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20069" + }, + { + "name": "ADV-2006-1779", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1779" + }, + { + "name": "TA06-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html" + }, + { + "name": "quicktime-pict-font-bo(26400)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26400" + }, + { + "name": "APPLE-SA-2006-05-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html" + }, + { + "name": "1016067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016067" + }, + { + "name": "TA06-132B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html" + }, + { + "name": "1016075", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016075" + }, + { + "name": "APPLE-SA-2006-05-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html" + }, + { + "name": "887", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/887" + }, + { + "name": "17953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17953" + }, + { + "name": "ADV-2006-1778", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1778" + }, + { + "name": "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded" + }, + { + "name": "20077", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20077" + } + ] + } +} \ No newline at end of file diff --git a/2006/1xxx/CVE-2006-1669.json b/2006/1xxx/CVE-2006-1669.json index 54fee64d551..42e7206c07c 100644 --- a/2006/1xxx/CVE-2006-1669.json +++ b/2006/1xxx/CVE-2006-1669.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-1669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval() call, but since the username originated from the SQL injection, it could be a resultant issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-1669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060405 PHPMyChat <= 0.14.5 remote commands execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430358/100/0/threaded" - }, - { - "name" : "1646", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1646" - }, - { - "name" : "17382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17382" - }, - { - "name" : "1015873", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015873" - }, - { - "name" : "phpmychat-messagesl-sql-injection(25687)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25687" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval() call, but since the username originated from the SQL injection, it could be a resultant issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17382" + }, + { + "name": "phpmychat-messagesl-sql-injection(25687)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25687" + }, + { + "name": "1646", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1646" + }, + { + "name": "1015873", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015873" + }, + { + "name": "20060405 PHPMyChat <= 0.14.5 remote commands execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430358/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3256.json b/2006/3xxx/CVE-2006-3256.json index 6164ab4eb8f..96c6f3e27fb 100644 --- a/2006/3xxx/CVE-2006-3256.json +++ b/2006/3xxx/CVE-2006-3256.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060622 WBB<<---v2.3.1\"report.php\" SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2006/Jun/0614.html" - }, - { - "name" : "18597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18597" - }, - { - "name" : "1016374", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016374" - }, - { - "name" : "wbb-report-sql-injection(27351)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18597" + }, + { + "name": "20060622 WBB<<---v2.3.1\"report.php\" SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2006/Jun/0614.html" + }, + { + "name": "wbb-report-sql-injection(27351)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27351" + }, + { + "name": "1016374", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016374" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3445.json b/2006/3xxx/CVE-2006-3445.json index 38fec029f8d..fccdb5178e9 100644 --- a/2006/3xxx/CVE-2006-3445.json +++ b/2006/3xxx/CVE-2006-3445.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-3445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070130 COSEINC Alert: Microsoft Agent Heap Overflow Vulnerability Technical Details (Patched)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/458558/100/0/threaded" - }, - { - "name" : "http://www.coseinc.com/alert.html", - "refsource" : "MISC", - "url" : "http://www.coseinc.com/alert.html" - }, - { - "name" : "MS06-068", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-068" - }, - { - "name" : "TA06-318A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" - }, - { - "name" : "VU#810772", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/810772" - }, - { - "name" : "21034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21034" - }, - { - "name" : "ADV-2006-4506", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4506" - }, - { - "name" : "oval:org.mitre.oval:def:154", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A154" - }, - { - "name" : "1017222", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017222" - }, - { - "name" : "22878", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22878" - }, - { - "name" : "ms-agent-acf-bo(29945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA06-318A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" + }, + { + "name": "ADV-2006-4506", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4506" + }, + { + "name": "22878", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22878" + }, + { + "name": "21034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21034" + }, + { + "name": "VU#810772", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/810772" + }, + { + "name": "20070130 COSEINC Alert: Microsoft Agent Heap Overflow Vulnerability Technical Details (Patched)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/458558/100/0/threaded" + }, + { + "name": "ms-agent-acf-bo(29945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29945" + }, + { + "name": "MS06-068", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-068" + }, + { + "name": "oval:org.mitre.oval:def:154", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A154" + }, + { + "name": "1017222", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017222" + }, + { + "name": "http://www.coseinc.com/alert.html", + "refsource": "MISC", + "url": "http://www.coseinc.com/alert.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3501.json b/2006/3xxx/CVE-2006-3501.json index 2454845d610..7e475dff98e 100644 --- a/2006/3xxx/CVE-2006-3501.json +++ b/2006/3xxx/CVE-2006-3501.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-08-01", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html" - }, - { - "name" : "TA06-214A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-214A.html" - }, - { - "name" : "VU#172244", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/172244" - }, - { - "name" : "19289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19289" - }, - { - "name" : "ADV-2006-3101", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3101" - }, - { - "name" : "27740", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27740" - }, - { - "name" : "21253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21253" - }, - { - "name" : "macosx-imageio-radiance-overflow(28143)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2006-08-01", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html" + }, + { + "name": "VU#172244", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/172244" + }, + { + "name": "ADV-2006-3101", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3101" + }, + { + "name": "21253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21253" + }, + { + "name": "19289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19289" + }, + { + "name": "27740", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27740" + }, + { + "name": "TA06-214A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html" + }, + { + "name": "macosx-imageio-radiance-overflow(28143)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28143" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4092.json b/2006/4xxx/CVE-2006-4092.json index 77c30672b24..7a9ae860562 100644 --- a/2006/4xxx/CVE-2006-4092.json +++ b/2006/4xxx/CVE-2006-4092.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060802 Simpliciti Locked Browser Jail Breakout Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442058/100/100/threaded" - }, - { - "name" : "20060822 Simpliciti Locked Browser Jail Breakout Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444026/100/100/threaded" - }, - { - "name" : "19304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19304" - }, - { - "name" : "21321", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21321" - }, - { - "name" : "1365", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1365" - }, - { - "name" : "simpliciti-security-bypass(28224)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060822 Simpliciti Locked Browser Jail Breakout Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444026/100/100/threaded" + }, + { + "name": "21321", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21321" + }, + { + "name": "19304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19304" + }, + { + "name": "20060802 Simpliciti Locked Browser Jail Breakout Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442058/100/100/threaded" + }, + { + "name": "1365", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1365" + }, + { + "name": "simpliciti-security-bypass(28224)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28224" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4267.json b/2006/4xxx/CVE-2006-4267.json index 390b8143cef..4d04fbe987e 100644 --- a/2006/4xxx/CVE-2006-4267.json +++ b/2006/4xxx/CVE-2006-4267.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060817 CubeCart <= 3.0.11 SQL injection & cross site scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443476/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/cubecart_3011_adv.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/cubecart_3011_adv.html" - }, - { - "name" : "http://retrogod.altervista.org/cubecart_3011_sql.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/cubecart_3011_sql.html" - }, - { - "name" : "http://retrogod.altervista.org/cubecart_3011_sql_mqg_bypass.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/cubecart_3011_sql_mqg_bypass.html" - }, - { - "name" : "http://bugs.cubecart.com/?do=details&id=523", - "refsource" : "CONFIRM", - "url" : "http://bugs.cubecart.com/?do=details&id=523" - }, - { - "name" : "http://www.cubecart.com/site/forums/index.php?showtopic=21247", - "refsource" : "CONFIRM", - "url" : "http://www.cubecart.com/site/forums/index.php?showtopic=21247" - }, - { - "name" : "19563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19563" - }, - { - "name" : "ADV-2006-3314", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3314" - }, - { - "name" : "27984", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27984" - }, - { - "name" : "27985", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27985" - }, - { - "name" : "1016708", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016708" - }, - { - "name" : "21538", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21538" - }, - { - "name" : "1429", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1429" - }, - { - "name" : "cubecart-confirmed-sql-injection(28428)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21538", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21538" + }, + { + "name": "ADV-2006-3314", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3314" + }, + { + "name": "27985", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27985" + }, + { + "name": "20060817 CubeCart <= 3.0.11 SQL injection & cross site scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443476/100/0/threaded" + }, + { + "name": "http://bugs.cubecart.com/?do=details&id=523", + "refsource": "CONFIRM", + "url": "http://bugs.cubecart.com/?do=details&id=523" + }, + { + "name": "cubecart-confirmed-sql-injection(28428)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28428" + }, + { + "name": "http://www.cubecart.com/site/forums/index.php?showtopic=21247", + "refsource": "CONFIRM", + "url": "http://www.cubecart.com/site/forums/index.php?showtopic=21247" + }, + { + "name": "http://retrogod.altervista.org/cubecart_3011_sql.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/cubecart_3011_sql.html" + }, + { + "name": "27984", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27984" + }, + { + "name": "19563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19563" + }, + { + "name": "1429", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1429" + }, + { + "name": "http://retrogod.altervista.org/cubecart_3011_sql_mqg_bypass.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/cubecart_3011_sql_mqg_bypass.html" + }, + { + "name": "1016708", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016708" + }, + { + "name": "http://retrogod.altervista.org/cubecart_3011_adv.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/cubecart_3011_adv.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4311.json b/2006/4xxx/CVE-2006-4311.json index a067bbf82ac..f7f931a63f7 100644 --- a/2006/4xxx/CVE-2006-4311.json +++ b/2006/4xxx/CVE-2006-4311.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory, as demonstrated by plugins/1_Adressbuch/delete.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060818 Sonium Enterprise Adressbook Version 0.2 (folder) RFI", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443701/100/0/threaded" - }, - { - "name" : "http://www.bb-pcsecurity.de/Websecurity/342/org/Sonium_Enterprise_Adressbook_Version_0.2_(folder)_RFI.htm", - "refsource" : "MISC", - "url" : "http://www.bb-pcsecurity.de/Websecurity/342/org/Sonium_Enterprise_Adressbook_Version_0.2_(folder)_RFI.htm" - }, - { - "name" : "19597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19597" - }, - { - "name" : "ADV-2006-3334", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3334" - }, - { - "name" : "21553", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21553" - }, - { - "name" : "sonium-enterprise-delete-file-include(28464)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28464" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory, as demonstrated by plugins/1_Adressbuch/delete.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19597" + }, + { + "name": "ADV-2006-3334", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3334" + }, + { + "name": "21553", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21553" + }, + { + "name": "20060818 Sonium Enterprise Adressbook Version 0.2 (folder) RFI", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443701/100/0/threaded" + }, + { + "name": "sonium-enterprise-delete-file-include(28464)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28464" + }, + { + "name": "http://www.bb-pcsecurity.de/Websecurity/342/org/Sonium_Enterprise_Adressbook_Version_0.2_(folder)_RFI.htm", + "refsource": "MISC", + "url": "http://www.bb-pcsecurity.de/Websecurity/342/org/Sonium_Enterprise_Adressbook_Version_0.2_(folder)_RFI.htm" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4688.json b/2006/4xxx/CVE-2006-4688.json index 7e2b897acf7..29d4b61298a 100644 --- a/2006/4xxx/CVE-2006-4688.json +++ b/2006/4xxx/CVE-2006-4688.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka \"Client Service for NetWare Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-4688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061116 Vulnerabilities in Client Service for NetWare", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451844/100/0/threaded" - }, - { - "name" : "MS06-066", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-066" - }, - { - "name" : "TA06-318A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" - }, - { - "name" : "21023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21023" - }, - { - "name" : "ADV-2006-4504", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4504" - }, - { - "name" : "oval:org.mitre.oval:def:404", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A404" - }, - { - "name" : "1017224", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017224" - }, - { - "name" : "22866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22866" - }, - { - "name" : "ms-csnw-bo(29952)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka \"Client Service for NetWare Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017224", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017224" + }, + { + "name": "TA06-318A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html" + }, + { + "name": "21023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21023" + }, + { + "name": "MS06-066", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-066" + }, + { + "name": "ADV-2006-4504", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4504" + }, + { + "name": "oval:org.mitre.oval:def:404", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A404" + }, + { + "name": "20061116 Vulnerabilities in Client Service for NetWare", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451844/100/0/threaded" + }, + { + "name": "ms-csnw-bo(29952)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29952" + }, + { + "name": "22866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22866" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4696.json b/2006/4xxx/CVE-2006-4696.json index 8d7a624e01b..b90f4fd04d0 100644 --- a/2006/4xxx/CVE-2006-4696.json +++ b/2006/4xxx/CVE-2006-4696.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka \"SMB Rename Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-4696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02161", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "SSRT061264", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "MS06-063", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-063" - }, - { - "name" : "VU#820628", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/820628" - }, - { - "name" : "20373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20373" - }, - { - "name" : "ADV-2006-3982", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3982" - }, - { - "name" : "oval:org.mitre.oval:def:8", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8" - }, - { - "name" : "1017035", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017035" - }, - { - "name" : "win-smb-rename-dos(29373)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka \"SMB Rename Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20373" + }, + { + "name": "SSRT061264", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + }, + { + "name": "VU#820628", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/820628" + }, + { + "name": "MS06-063", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-063" + }, + { + "name": "oval:org.mitre.oval:def:8", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8" + }, + { + "name": "1017035", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017035" + }, + { + "name": "HPSBST02161", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + }, + { + "name": "ADV-2006-3982", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3982" + }, + { + "name": "win-smb-rename-dos(29373)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29373" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4955.json b/2006/4xxx/CVE-2006-4955.json index 3c7a2a6b3ad..3a3ab164cfe 100644 --- a/2006/4xxx/CVE-2006-4955.json +++ b/2006/4xxx/CVE-2006-4955.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder and (2) savefilename parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://vuln.sg/neonmail506-en.html", - "refsource" : "MISC", - "url" : "http://vuln.sg/neonmail506-en.html" - }, - { - "name" : "20109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20109" - }, - { - "name" : "84199", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84199" - }, - { - "name" : "22029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22029" - }, - { - "name" : "neonwebmail-multiple-directory-traversal(29090)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder and (2) savefilename parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "neonwebmail-multiple-directory-traversal(29090)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29090" + }, + { + "name": "20109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20109" + }, + { + "name": "http://vuln.sg/neonmail506-en.html", + "refsource": "MISC", + "url": "http://vuln.sg/neonmail506-en.html" + }, + { + "name": "22029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22029" + }, + { + "name": "84199", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84199" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2046.json b/2010/2xxx/CVE-2010-2046.json index 6106c658241..ce307b2ef27 100644 --- a/2010/2xxx/CVE-2010-2046.json +++ b/2010/2xxx/CVE-2010-2046.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (com_activehelper_livehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via (1) the DOMAINID parameter to server/cookies.php or (2) the SERVER parameter to server/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/1005-exploits/joomlaactivehelper-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-exploits/joomlaactivehelper-xss.txt" - }, - { - "name" : "http://www.xenuser.org/2010/05/19/joomla-component-activehelper-livehelp-xss-vulnerabilities/", - "refsource" : "MISC", - "url" : "http://www.xenuser.org/2010/05/19/joomla-component-activehelper-livehelp-xss-vulnerabilities/" - }, - { - "name" : "http://xenuser.org/documents/security/joomla_com_activehelper_livehelp_xss.txt", - "refsource" : "MISC", - "url" : "http://xenuser.org/documents/security/joomla_com_activehelper_livehelp_xss.txt" - }, - { - "name" : "40278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40278" - }, - { - "name" : "39870", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (com_activehelper_livehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via (1) the DOMAINID parameter to server/cookies.php or (2) the SERVER parameter to server/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.xenuser.org/2010/05/19/joomla-component-activehelper-livehelp-xss-vulnerabilities/", + "refsource": "MISC", + "url": "http://www.xenuser.org/2010/05/19/joomla-component-activehelper-livehelp-xss-vulnerabilities/" + }, + { + "name": "40278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40278" + }, + { + "name": "http://packetstormsecurity.org/1005-exploits/joomlaactivehelper-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-exploits/joomlaactivehelper-xss.txt" + }, + { + "name": "http://xenuser.org/documents/security/joomla_com_activehelper_livehelp_xss.txt", + "refsource": "MISC", + "url": "http://xenuser.org/documents/security/joomla_com_activehelper_livehelp_xss.txt" + }, + { + "name": "39870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39870" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2714.json b/2010/2xxx/CVE-2010-2714.json index c44299b02f2..2be432efe2a 100644 --- a/2010/2xxx/CVE-2010-2714.json +++ b/2010/2xxx/CVE-2010-2714.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14203", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14203" - }, - { - "name" : "41382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41382" - }, - { - "name" : "ADV-2010-1696", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1696" - }, - { - "name" : "tcwphpalbum-index-sql-injection(60079)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41382" + }, + { + "name": "tcwphpalbum-index-sql-injection(60079)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60079" + }, + { + "name": "ADV-2010-1696", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1696" + }, + { + "name": "14203", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14203" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2869.json b/2010/2xxx/CVE-2010-2869.json index cd5a4dafb78..fe73e4cc9fb 100644 --- a/2010/2xxx/CVE-2010-2869.json +++ b/2010/2xxx/CVE-2010-2869.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3712 of a certain file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2869", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513329/100/0/threaded" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html" - }, - { - "name" : "oval:org.mitre.oval:def:11983", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11983" - }, - { - "name" : "1024361", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024361" - }, - { - "name" : "ADV-2010-2176", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2176" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3712 of a certain file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024361", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024361" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html" + }, + { + "name": "oval:org.mitre.oval:def:11983", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11983" + }, + { + "name": "20100825 Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2869", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513329/100/0/threaded" + }, + { + "name": "ADV-2010-2176", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2176" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3185.json b/2010/3xxx/CVE-2010-3185.json index 24be6b8bc1d..06ac0bb9e78 100644 --- a/2010/3xxx/CVE-2010-3185.json +++ b/2010/3xxx/CVE-2010-3185.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3185", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3185", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3244.json b/2010/3xxx/CVE-2010-3244.json index 4a5937a6f2a..34da8b2d88c 100644 --- a/2010/3xxx/CVE-2010-3244.json +++ b/2010/3xxx/CVE-2010-3244.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-86YPVM", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-86YPVM" - }, - { - "name" : "VU#204055", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/204055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-86YPVM", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/MAPG-86YPVM" + }, + { + "name": "VU#204055", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/204055" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3277.json b/2010/3xxx/CVE-2010-3277.json index 117e204c0ad..de4e4532395 100644 --- a/2010/3xxx/CVE-2010-3277.json +++ b/2010/3xxx/CVE-2010-3277.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" - }, - { - "name" : "1024481", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024481" - }, - { - "name" : "41574", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41574" - }, - { - "name" : "ADV-2010-2491", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" + }, + { + "name": "41574", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41574" + }, + { + "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" + }, + { + "name": "ADV-2010-2491", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2491" + }, + { + "name": "1024481", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024481" + } + ] + } +} \ No newline at end of file diff --git a/2010/4xxx/CVE-2010-4229.json b/2010/4xxx/CVE-2010-4229.json index f2a34345043..400452dc163 100644 --- a/2010/4xxx/CVE-2010-4229.json +++ b/2010/4xxx/CVE-2010-4229.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-4229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-4229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110411 ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517425/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-118/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-118/" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7007841", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=7007841" - }, - { - "name" : "47295", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47295" - }, - { - "name" : "1025313", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025313" - }, - { - "name" : "44120", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44120" - }, - { - "name" : "8207", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8207" - }, - { - "name" : "ADV-2011-0917", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0917" - }, - { - "name" : "zenworks-zam-code-execution(66656)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-118/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-118/" + }, + { + "name": "ADV-2011-0917", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0917" + }, + { + "name": "20110411 ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517425/100/0/threaded" + }, + { + "name": "44120", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44120" + }, + { + "name": "8207", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8207" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7007841", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7007841" + }, + { + "name": "zenworks-zam-code-execution(66656)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66656" + }, + { + "name": "47295", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47295" + }, + { + "name": "1025313", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025313" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0249.json b/2011/0xxx/CVE-2011-0249.json index 2709acb1c43..a7f577da604 100644 --- a/2011/0xxx/CVE-2011-0249.json +++ b/2011/0xxx/CVE-2011-0249.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSC atoms in a QuickTime movie file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-08-03-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:16089", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSC atoms in a QuickTime movie file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-08-03-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html" + }, + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "oval:org.mitre.oval:def:16089", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16089" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1641.json b/2011/1xxx/CVE-2011-1641.json index 98e61f7f465..0f3cad3d509 100644 --- a/2011/1xxx/CVE-2011-1641.json +++ b/2011/1xxx/CVE-2011-1641.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1641", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1641", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1709.json b/2011/1xxx/CVE-2011-1709.json index 36357f5981d..98870444e03 100644 --- a/2011/1xxx/CVE-2011-1709.json +++ b/2011/1xxx/CVE-2011-1709.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news", - "refsource" : "CONFIRM", - "url" : "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news" - }, - { - "name" : "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d", - "refsource" : "CONFIRM", - "url" : "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=709139", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=709139" - }, - { - "name" : "FEDORA-2011-7822", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html" - }, - { - "name" : "openSUSE-SU-2011:0581", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/8643655" - }, - { - "name" : "USN-1142-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1142-1" - }, - { - "name" : "48084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48084" - }, - { - "name" : "44797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44797" - }, - { - "name" : "44808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news", + "refsource": "CONFIRM", + "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.2.news" + }, + { + "name": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d", + "refsource": "CONFIRM", + "url": "http://git.gnome.org/browse/gdm/commit/?id=d13dd72531599ab7e4c747db3b58a8c17753e08d" + }, + { + "name": "44797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44797" + }, + { + "name": "FEDORA-2011-7822", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061264.html" + }, + { + "name": "USN-1142-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1142-1" + }, + { + "name": "48084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48084" + }, + { + "name": "openSUSE-SU-2011:0581", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/8643655" + }, + { + "name": "44808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44808" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=709139", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709139" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1760.json b/2011/1xxx/CVE-2011-1760.json index 63b8acd529b..3dafdd8cfd9 100644 --- a/2011/1xxx/CVE-2011-1760.json +++ b/2011/1xxx/CVE-2011-1760.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110429 CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/29/3" - }, - { - "name" : "[oss-security] 20110430 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/01/1" - }, - { - "name" : "[oss-security] 20110430 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/01/2" - }, - { - "name" : "[oss-security] 20110502 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/02/17" - }, - { - "name" : "[oss-security] 20110503 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/03/2" - }, - { - "name" : "[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/10/6" - }, - { - "name" : "[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/10/7" - }, - { - "name" : "[oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/11/1" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=700883", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=700883" - }, - { - "name" : "DSA-2254", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2254" - }, - { - "name" : "USN-1166-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1166-1" - }, - { - "name" : "47652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47652" - }, - { - "name" : "45205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45205" - }, - { - "name" : "44790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44790" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110429 CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/29/3" + }, + { + "name": "[oss-security] 20110430 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/01/1" + }, + { + "name": "[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/10/7" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=700883", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700883" + }, + { + "name": "[oss-security] 20110511 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/11/1" + }, + { + "name": "45205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45205" + }, + { + "name": "[oss-security] 20110502 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/02/17" + }, + { + "name": "47652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47652" + }, + { + "name": "44790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44790" + }, + { + "name": "[oss-security] 20110503 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/03/2" + }, + { + "name": "[oss-security] 20110510 Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/10/6" + }, + { + "name": "USN-1166-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1166-1" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624212" + }, + { + "name": "[oss-security] 20110430 Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/01/2" + }, + { + "name": "DSA-2254", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2254" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1980.json b/2011/1xxx/CVE-2011-1980.json index f830e808006..694be0cf958 100644 --- a/2011/1xxx/CVE-2011-1980.json +++ b/2011/1xxx/CVE-2011-1980.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka \"Office Component Insecure Library Loading Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-073", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-073" - }, - { - "name" : "TA11-256A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-256A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12694", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka \"Office Component Insecure Library Loading Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-073", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-073" + }, + { + "name": "oval:org.mitre.oval:def:12694", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12694" + }, + { + "name": "TA11-256A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5121.json b/2011/5xxx/CVE-2011-5121.json index 1780b24f069..f1c1fc47f99 100644 --- a/2011/5xxx/CVE-2011-5121.json +++ b/2011/5xxx/CVE-2011-5121.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates are revoked, which has unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://personalfirewall.comodo.com/release_notes.html", - "refsource" : "CONFIRM", - "url" : "http://personalfirewall.comodo.com/release_notes.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates are revoked, which has unknown impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://personalfirewall.comodo.com/release_notes.html", + "refsource": "CONFIRM", + "url": "http://personalfirewall.comodo.com/release_notes.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3030.json b/2014/3xxx/CVE-2014-3030.json index 987865c774a..5b7eddb8e72 100644 --- a/2014/3xxx/CVE-2014-3030.json +++ b/2014/3xxx/CVE-2014-3030.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3030", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3030", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3273.json b/2014/3xxx/CVE-2014-3273.json index 3eda8ad284a..1677f873e13 100644 --- a/2014/3xxx/CVE-2014-3273.json +++ b/2014/3xxx/CVE-2014-3273.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140519 Cisco IOS Software LLDP Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3273" - }, - { - "name" : "1030257", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030257", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030257" + }, + { + "name": "20140519 Cisco IOS Software LLDP Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3273" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3311.json b/2014/3xxx/CVE-2014-3311.json index 6cf56b698a2..b31b3017f41 100644 --- a/2014/3xxx/CVE-2014-3311.json +++ b/2014/3xxx/CVE-2014-3311.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140709 Cisco WebEx Meetings Client Heap-Based Buffer Overflow Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3311" - }, - { - "name" : "68502", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68502" - }, - { - "name" : "1030550", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030550" - }, - { - "name" : "cisco-webex-cve20143311-bo(94432)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140709 Cisco WebEx Meetings Client Heap-Based Buffer Overflow Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3311" + }, + { + "name": "68502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68502" + }, + { + "name": "1030550", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030550" + }, + { + "name": "cisco-webex-cve20143311-bo(94432)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94432" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3467.json b/2014/3xxx/CVE-2014-3467.json index e2bc80633ae..910d7dbee07 100644 --- a/2014/3xxx/CVE-2014-3467.json +++ b/2014/3xxx/CVE-2014-3467.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1102022", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1102022" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-0594.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-0594.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-0596.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-0596.html" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0247.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0247.html" - }, - { - "name" : "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html", - "refsource" : "CONFIRM", - "url" : "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7015302", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7015302" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7015303", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7015303" - }, - { - "name" : "DSA-3056", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3056" - }, - { - "name" : "MDVSA-2015:116", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" - }, - { - "name" : "RHSA-2014:0594", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0594.html" - }, - { - "name" : "RHSA-2014:0596", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0596.html" - }, - { - "name" : "RHSA-2014:0815", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0815.html" - }, - { - "name" : "RHSA-2014:0687", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0687.html" - }, - { - "name" : "SUSE-SU-2014:0758", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" - }, - { - "name" : "SUSE-SU-2014:0788", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" - }, - { - "name" : "58614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58614" - }, - { - "name" : "59057", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59057" - }, - { - "name" : "58591", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58591" - }, - { - "name" : "59021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59021" - }, - { - "name" : "60415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60415" - }, - { - "name" : "61888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61888" - }, - { - "name" : "60320", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60320" - }, - { - "name" : "59408", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60320", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60320" + }, + { + "name": "DSA-3056", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3056" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7015302", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7015302" + }, + { + "name": "59057", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59057" + }, + { + "name": "SUSE-SU-2014:0758", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00002.html" + }, + { + "name": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html", + "refsource": "CONFIRM", + "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15423.html" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-0596.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-0596.html" + }, + { + "name": "MDVSA-2015:116", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:116" + }, + { + "name": "59021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59021" + }, + { + "name": "61888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61888" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0247.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0247.html" + }, + { + "name": "RHSA-2014:0815", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0815.html" + }, + { + "name": "RHSA-2014:0596", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0596.html" + }, + { + "name": "[help-libtasn1] 20140525 GNU Libtasn1 3.6 released", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/help-libtasn1/2014-05/msg00006.html" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7015303", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7015303" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-0594.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-0594.html" + }, + { + "name": "58591", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58591" + }, + { + "name": "RHSA-2014:0687", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0687.html" + }, + { + "name": "58614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58614" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102022" + }, + { + "name": "SUSE-SU-2014:0788", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00015.html" + }, + { + "name": "RHSA-2014:0594", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0594.html" + }, + { + "name": "60415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60415" + }, + { + "name": "59408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59408" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3497.json b/2014/3xxx/CVE-2014-3497.json index 62ebdbb51a7..ae87e64361a 100644 --- a/2014/3xxx/CVE-2014-3497.json +++ b/2014/3xxx/CVE-2014-3497.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openstack-announce] 20140619 [OSSA 2014-020] XSS in Swift requests through WWW-Authenticate header (CVE-2014-3497)", - "refsource" : "MLIST", - "url" : "http://lists.openstack.org/pipermail/openstack-announce/2014-June/000243.html" - }, - { - "name" : "[oss-security] 20140619 [OSSA 2014-020] XSS in Swift requests through WWW-Authenticate header (CVE-2014-3497)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/06/19/10" - }, - { - "name" : "https://review.openstack.org/#/c/101031/", - "refsource" : "CONFIRM", - "url" : "https://review.openstack.org/#/c/101031/" - }, - { - "name" : "https://review.openstack.org/#/c/101032/", - "refsource" : "CONFIRM", - "url" : "https://review.openstack.org/#/c/101032/" - }, - { - "name" : "USN-2256-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2256-1" - }, - { - "name" : "68116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68116" - }, - { - "name" : "59532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2256-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2256-1" + }, + { + "name": "59532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59532" + }, + { + "name": "https://review.openstack.org/#/c/101031/", + "refsource": "CONFIRM", + "url": "https://review.openstack.org/#/c/101031/" + }, + { + "name": "[oss-security] 20140619 [OSSA 2014-020] XSS in Swift requests through WWW-Authenticate header (CVE-2014-3497)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/06/19/10" + }, + { + "name": "68116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68116" + }, + { + "name": "[openstack-announce] 20140619 [OSSA 2014-020] XSS in Swift requests through WWW-Authenticate header (CVE-2014-3497)", + "refsource": "MLIST", + "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-June/000243.html" + }, + { + "name": "https://review.openstack.org/#/c/101032/", + "refsource": "CONFIRM", + "url": "https://review.openstack.org/#/c/101032/" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3542.json b/2014/3xxx/CVE-2014-3542.json index 1f1edabe2c0..bc44c2fbc1e 100644 --- a/2014/3xxx/CVE-2014-3542.json +++ b/2014/3xxx/CVE-2014-3542.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140721 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/07/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=264263", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=264263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140721 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/07/21/1" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=264263", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=264263" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3701.json b/2014/3xxx/CVE-2014-3701.json index 82fdb08a34f..e0df5312ab3 100644 --- a/2014/3xxx/CVE-2014-3701.json +++ b/2014/3xxx/CVE-2014-3701.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3701", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3701", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3791.json b/2014/3xxx/CVE-2014-3791.json index f481865e5f2..be3025882f6 100644 --- a/2014/3xxx/CVE-2014-3791.json +++ b/2014/3xxx/CVE-2014-3791.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33352", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33352" - }, - { - "name" : "http://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day", - "refsource" : "MISC", - "url" : "http://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day" - }, - { - "name" : "http://packetstormsecurity.com/files/126614/Easy-File-Sharing-Web-Server-6.8-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126614/Easy-File-Sharing-Web-Server-6.8-Buffer-Overflow.html" - }, - { - "name" : "67406", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67406" - }, - { - "name" : "106965", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/106965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106965", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/106965" + }, + { + "name": "67406", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67406" + }, + { + "name": "33352", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33352" + }, + { + "name": "http://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day", + "refsource": "MISC", + "url": "http://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day" + }, + { + "name": "http://packetstormsecurity.com/files/126614/Easy-File-Sharing-Web-Server-6.8-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126614/Easy-File-Sharing-Web-Server-6.8-Buffer-Overflow.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6183.json b/2014/6xxx/CVE-2014-6183.json index a67b48e36ee..eb46842b9d5 100644 --- a/2014/6xxx/CVE-2014-6183.json +++ b/2014/6xxx/CVE-2014-6183.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690823", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21690823" - }, - { - "name" : "ibm-xgs-cve20146183-command-injection(98519)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98519" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21690823", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690823" + }, + { + "name": "ibm-xgs-cve20146183-command-injection(98519)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98519" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6795.json b/2014/6xxx/CVE-2014-6795.json index b719481a133..a88f76ea6ef 100644 --- a/2014/6xxx/CVE-2014-6795.json +++ b/2014/6xxx/CVE-2014-6795.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Beekeeping Forum (aka com.tapatalk.supporttapatalkcomxxxxx) application 3.9.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#796073", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/796073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Beekeeping Forum (aka com.tapatalk.supporttapatalkcomxxxxx) application 3.9.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#796073", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/796073" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6872.json b/2014/6xxx/CVE-2014-6872.json index c395959f314..255fb7fa6a5 100644 --- a/2014/6xxx/CVE-2014-6872.json +++ b/2014/6xxx/CVE-2014-6872.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TTNET Muzik (aka com.ttnet.muzik) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#382649", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/382649" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TTNET Muzik (aka com.ttnet.muzik) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#382649", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/382649" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7023.json b/2014/7xxx/CVE-2014-7023.json index a9deee74139..a140e5b2255 100644 --- a/2014/7xxx/CVE-2014-7023.json +++ b/2014/7xxx/CVE-2014-7023.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Find Color (aka com.chudong.color) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#418905", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/418905" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Find Color (aka com.chudong.color) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#418905", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/418905" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7604.json b/2014/7xxx/CVE-2014-7604.json index 281383b1a96..d7434612ef3 100644 --- a/2014/7xxx/CVE-2014-7604.json +++ b/2014/7xxx/CVE-2014-7604.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Easy Tips For Glowing Skin (aka com.n.easytipsforglowingskin) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#969257", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/969257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Easy Tips For Glowing Skin (aka com.n.easytipsforglowingskin) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#969257", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/969257" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7699.json b/2014/7xxx/CVE-2014-7699.json index d32a3923344..3df21e22b7e 100644 --- a/2014/7xxx/CVE-2014-7699.json +++ b/2014/7xxx/CVE-2014-7699.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7699", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7699", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7938.json b/2014/7xxx/CVE-2014-7938.json index 20ad1956590..5e9b687a5ac 100644 --- a/2014/7xxx/CVE-2014-7938.json +++ b/2014/7xxx/CVE-2014-7938.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Fonts implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=416323", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=416323" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - }, - { - "name" : "RHSA-2015:0093", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html" - }, - { - "name" : "openSUSE-SU-2015:0441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" - }, - { - "name" : "USN-2476-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2476-1" - }, - { - "name" : "72288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72288" - }, - { - "name" : "1031623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031623" - }, - { - "name" : "62575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62575" - }, - { - "name" : "62383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62383" - }, - { - "name" : "62665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Fonts implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62665" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=416323", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=416323" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "62575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62575" + }, + { + "name": "USN-2476-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2476-1" + }, + { + "name": "72288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72288" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "1031623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031623" + }, + { + "name": "openSUSE-SU-2015:0441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" + }, + { + "name": "RHSA-2015:0093", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html" + }, + { + "name": "62383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62383" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8220.json b/2014/8xxx/CVE-2014-8220.json index 931298d0a6e..bf413c89a6b 100644 --- a/2014/8xxx/CVE-2014-8220.json +++ b/2014/8xxx/CVE-2014-8220.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8220", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8220", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8483.json b/2014/8xxx/CVE-2014-8483.json index 7d928e1e91d..58b272c1f32 100644 --- a/2014/8xxx/CVE-2014-8483.json +++ b/2014/8xxx/CVE-2014-8483.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.quassel-irc.org/issues/1314", - "refsource" : "CONFIRM", - "url" : "http://bugs.quassel-irc.org/issues/1314" - }, - { - "name" : "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138", - "refsource" : "CONFIRM", - "url" : "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138" - }, - { - "name" : "DSA-3063", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3063" - }, - { - "name" : "DSA-3068", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3068" - }, - { - "name" : "openSUSE-SU-2014:1382", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html" - }, - { - "name" : "openSUSE-SU-2014:1406", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html" - }, - { - "name" : "openSUSE-SU-2015:0573", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" - }, - { - "name" : "USN-2401-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2401-1" - }, - { - "name" : "61932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61932" - }, - { - "name" : "62035", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62035" - }, - { - "name" : "62261", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61932" + }, + { + "name": "openSUSE-SU-2014:1406", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html" + }, + { + "name": "USN-2401-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2401-1" + }, + { + "name": "62261", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62261" + }, + { + "name": "DSA-3063", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3063" + }, + { + "name": "http://bugs.quassel-irc.org/issues/1314", + "refsource": "CONFIRM", + "url": "http://bugs.quassel-irc.org/issues/1314" + }, + { + "name": "openSUSE-SU-2015:0573", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" + }, + { + "name": "DSA-3068", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3068" + }, + { + "name": "62035", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62035" + }, + { + "name": "openSUSE-SU-2014:1382", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html" + }, + { + "name": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138", + "refsource": "CONFIRM", + "url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8530.json b/2014/8xxx/CVE-2014-8530.json index ce337f06f01..3a16cef7d3a 100644 --- a/2014/8xxx/CVE-2014-8530.json +++ b/2014/8xxx/CVE-2014-8530.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information, affect integrity, or cause a denial of service via unknown vectors, related to simultaneous logins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information, affect integrity, or cause a denial of service via unknown vectors, related to simultaneous logins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8648.json b/2014/8xxx/CVE-2014-8648.json index 938ed6b50e0..bcc12148ecf 100644 --- a/2014/8xxx/CVE-2014-8648.json +++ b/2014/8xxx/CVE-2014-8648.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8648", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8648", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/9xxx/CVE-2014-9388.json b/2014/9xxx/CVE-2014-9388.json index a84d9685f59..cf7c78a89e4 100644 --- a/2014/9xxx/CVE-2014-9388.json +++ b/2014/9xxx/CVE-2014-9388.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-9388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-9388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141207 MantisBT 1.2.18 Released", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/955" - }, - { - "name" : "https://www.mantisbt.org/bugs/changelog_page.php?version_id=191", - "refsource" : "CONFIRM", - "url" : "https://www.mantisbt.org/bugs/changelog_page.php?version_id=191" - }, - { - "name" : "https://www.mantisbt.org/bugs/view.php?id=17878", - "refsource" : "CONFIRM", - "url" : "https://www.mantisbt.org/bugs/view.php?id=17878" - }, - { - "name" : "DSA-3120", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3120" - }, - { - "name" : "62101", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20141207 MantisBT 1.2.18 Released", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/955" + }, + { + "name": "https://www.mantisbt.org/bugs/view.php?id=17878", + "refsource": "CONFIRM", + "url": "https://www.mantisbt.org/bugs/view.php?id=17878" + }, + { + "name": "62101", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62101" + }, + { + "name": "https://www.mantisbt.org/bugs/changelog_page.php?version_id=191", + "refsource": "CONFIRM", + "url": "https://www.mantisbt.org/bugs/changelog_page.php?version_id=191" + }, + { + "name": "DSA-3120", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3120" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2155.json b/2016/2xxx/CVE-2016-2155.json index 61e9dc57ab5..3ab427efd97 100644 --- a/2016/2xxx/CVE-2016-2155.json +++ b/2016/2xxx/CVE-2016-2155.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify \"Exclude grade\" settings by leveraging the Non-Editing Instructor role." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160321 moodle security release", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/21/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52378", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52378" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=330177", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=330177" - }, - { - "name" : "1035333", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify \"Exclude grade\" settings by leveraging the Non-Editing Instructor role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=330177", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=330177" + }, + { + "name": "[oss-security] 20160321 moodle security release", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/21/1" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52378", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52378" + }, + { + "name": "1035333", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035333" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2605.json b/2016/2xxx/CVE-2016-2605.json index fe31b170ab7..e40c103656d 100644 --- a/2016/2xxx/CVE-2016-2605.json +++ b/2016/2xxx/CVE-2016-2605.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2605", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2605", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2651.json b/2016/2xxx/CVE-2016-2651.json index 7ba5af8677c..ebf1c24d2fa 100644 --- a/2016/2xxx/CVE-2016-2651.json +++ b/2016/2xxx/CVE-2016-2651.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2651", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2651", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2797.json b/2016/2xxx/CVE-2016-2797.json index 13af0fe4850..1dcb5c202ee 100644 --- a/2016/2xxx/CVE-2016-2797.json +++ b/2016/2xxx/CVE-2016-2797.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2016-2797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243823", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243823" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "DSA-3510", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3510" - }, - { - "name" : "DSA-3515", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3515" - }, - { - "name" : "DSA-3520", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3520" - }, - { - "name" : "GLSA-201605-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201605-06" - }, - { - "name" : "GLSA-201701-63", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-63" - }, - { - "name" : "openSUSE-SU-2016:0894", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html" - }, - { - "name" : "openSUSE-SU-2016:1767", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" - }, - { - "name" : "openSUSE-SU-2016:1769", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" - }, - { - "name" : "openSUSE-SU-2016:1778", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" - }, - { - "name" : "SUSE-SU-2016:0909", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" - }, - { - "name" : "SUSE-SU-2016:0727", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" - }, - { - "name" : "SUSE-SU-2016:0777", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" - }, - { - "name" : "openSUSE-SU-2016:0731", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" - }, - { - "name" : "openSUSE-SU-2016:0733", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" - }, - { - "name" : "SUSE-SU-2016:0820", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" - }, - { - "name" : "openSUSE-SU-2016:0876", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html" - }, - { - "name" : "USN-2917-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2917-2" - }, - { - "name" : "USN-2917-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2917-3" - }, - { - "name" : "USN-2934-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2934-1" - }, - { - "name" : "USN-2917-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2917-1" - }, - { - "name" : "USN-2927-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2927-1" - }, - { - "name" : "84222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84222" - }, - { - "name" : "1035215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0894", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html" + }, + { + "name": "84222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84222" + }, + { + "name": "SUSE-SU-2016:0820", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" + }, + { + "name": "openSUSE-SU-2016:1767", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "openSUSE-SU-2016:0731", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" + }, + { + "name": "SUSE-SU-2016:0727", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" + }, + { + "name": "openSUSE-SU-2016:1778", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" + }, + { + "name": "openSUSE-SU-2016:0876", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html" + }, + { + "name": "USN-2917-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2917-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243823", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243823" + }, + { + "name": "USN-2927-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2927-1" + }, + { + "name": "DSA-3520", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3520" + }, + { + "name": "openSUSE-SU-2016:1769", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" + }, + { + "name": "SUSE-SU-2016:0909", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" + }, + { + "name": "DSA-3510", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3510" + }, + { + "name": "openSUSE-SU-2016:0733", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html" + }, + { + "name": "1035215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035215" + }, + { + "name": "SUSE-SU-2016:0777", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" + }, + { + "name": "GLSA-201605-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201605-06" + }, + { + "name": "DSA-3515", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3515" + }, + { + "name": "USN-2934-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2934-1" + }, + { + "name": "GLSA-201701-63", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-63" + }, + { + "name": "USN-2917-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2917-2" + }, + { + "name": "USN-2917-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2917-3" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2896.json b/2016/2xxx/CVE-2016-2896.json index a6ac954fe28..a938c18de18 100644 --- a/2016/2xxx/CVE-2016-2896.json +++ b/2016/2xxx/CVE-2016-2896.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2896", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2896", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6022.json b/2016/6xxx/CVE-2016-6022.json index e4ede8287e7..867a5c71587 100644 --- a/2016/6xxx/CVE-2016-6022.json +++ b/2016/6xxx/CVE-2016-6022.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-6022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.1.6" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-6022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.1.6" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg22000784", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg22000784" - }, - { - "name" : "97173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg22000784", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg22000784" + }, + { + "name": "97173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97173" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18348.json b/2017/18xxx/CVE-2017-18348.json index dec4467b2b5..2c588842313 100644 --- a/2017/18xxx/CVE-2017-18348.json +++ b/2017/18xxx/CVE-2017-18348.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://korelogic.com/Resources/Advisories/KL-001-2017-022.txt", - "refsource" : "MISC", - "url" : "https://korelogic.com/Resources/Advisories/KL-001-2017-022.txt" - }, - { - "name" : "https://www.splunk.com/view/SP-CAAAP3M", - "refsource" : "MISC", - "url" : "https://www.splunk.com/view/SP-CAAAP3M" - }, - { - "name" : "101664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.splunk.com/view/SP-CAAAP3M", + "refsource": "MISC", + "url": "https://www.splunk.com/view/SP-CAAAP3M" + }, + { + "name": "101664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101664" + }, + { + "name": "https://korelogic.com/Resources/Advisories/KL-001-2017-022.txt", + "refsource": "MISC", + "url": "https://korelogic.com/Resources/Advisories/KL-001-2017-022.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5144.json b/2017/5xxx/CVE-2017-5144.json index e60bbc44b40..7e3947391c4 100644 --- a/2017/5xxx/CVE-2017-5144.json +++ b/2017/5xxx/CVE-2017-5144.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-5144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Carlo Gavazzi VMU-C EM and VMU-C PV", - "version" : { - "version_data" : [ - { - "version_value" : "Carlo Gavazzi VMU-C EM and VMU-C PV" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Carlo Gavazzi VMU-C EM and VMU-C PV access control flaw" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-5144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Carlo Gavazzi VMU-C EM and VMU-C PV", + "version": { + "version_data": [ + { + "version_value": "Carlo Gavazzi VMU-C EM and VMU-C PV" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03" - }, - { - "name" : "95411", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Carlo Gavazzi VMU-C EM and VMU-C PV access control flaw" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95411", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95411" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5448.json b/2017/5xxx/CVE-2017-5448.json index 050a917b30f..ed69d51de2f 100644 --- a/2017/5xxx/CVE-2017-5448.json +++ b/2017/5xxx/CVE-2017-5448.json @@ -1,118 +1,118 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.9" - }, - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "53" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out-of-bounds write in \"ClearKeyDecryptor\" while decrypting some Clearkey-encrypted media content. The \"ClearKeyDecryptor\" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds write in ClearKeyDecryptor" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.9" + }, + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1346648", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1346648" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/" - }, - { - "name" : "DSA-3831", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3831" - }, - { - "name" : "RHSA-2017:1104", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1104" - }, - { - "name" : "RHSA-2017:1106", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1106" - }, - { - "name" : "97940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97940" - }, - { - "name" : "1038320", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out-of-bounds write in \"ClearKeyDecryptor\" while decrypting some Clearkey-encrypted media content. The \"ClearKeyDecryptor\" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write in ClearKeyDecryptor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1106", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1106" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-11/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-11/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" + }, + { + "name": "97940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97940" + }, + { + "name": "DSA-3831", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3831" + }, + { + "name": "1038320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038320" + }, + { + "name": "RHSA-2017:1104", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1104" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1346648", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1346648" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5462.json b/2017/5xxx/CVE-2017-5462.json index 708e1dc7139..87eafa79292 100644 --- a/2017/5xxx/CVE-2017-5462.json +++ b/2017/5xxx/CVE-2017-5462.json @@ -1,134 +1,134 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.9" - }, - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "53" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DRBG flaw in NSS" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.9" + }, + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1345089", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1345089" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/" - }, - { - "name" : "DSA-3831", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3831" - }, - { - "name" : "DSA-3872", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3872" - }, - { - "name" : "GLSA-201705-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-04" - }, - { - "name" : "97940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97940" - }, - { - "name" : "1038320", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DRBG flaw in NSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201705-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-04" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-11/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-11/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" + }, + { + "name": "97940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97940" + }, + { + "name": "DSA-3831", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3831" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1345089", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1345089" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-13/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-13/" + }, + { + "name": "1038320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038320" + }, + { + "name": "DSA-3872", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3872" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5630.json b/2017/5xxx/CVE-2017-5630.json index 18cb263670a..b1852c4b631 100644 --- a/2017/5xxx/CVE-2017-5630.json +++ b/2017/5xxx/CVE-2017-5630.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41185", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41185/" - }, - { - "name" : "http://pear.php.net/bugs/bug.php?id=21171", - "refsource" : "MISC", - "url" : "http://pear.php.net/bugs/bug.php?id=21171" - }, - { - "name" : "95882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41185", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41185/" + }, + { + "name": "95882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95882" + }, + { + "name": "http://pear.php.net/bugs/bug.php?id=21171", + "refsource": "MISC", + "url": "http://pear.php.net/bugs/bug.php?id=21171" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5717.json b/2017/5xxx/CVE-2017-5717.json index e7567e55b57..bc691a03d26 100644 --- a/2017/5xxx/CVE-2017-5717.json +++ b/2017/5xxx/CVE-2017-5717.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-5717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Graphics Driver", - "version" : { - "version_data" : [ - { - "version_value" : "15.49/15.47/15.46/15.45/15.40/15.36/15.33" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-5717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Graphics Driver", + "version": { + "version_data": [ + { + "version_value": "15.49/15.47/15.46/15.45/15.40/15.36/15.33" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43373", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43373/" - }, - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00095&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00095&languageid=en-fr" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43373", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43373/" + }, + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00095&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00095&languageid=en-fr" + } + ] + } +} \ No newline at end of file