From 56cfa948b30f96379764626c77393b043caec4c1 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 04:00:50 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2001/1xxx/CVE-2001-1170.json | 140 +++++-----
 2001/1xxx/CVE-2001-1524.json | 180 ++++++-------
 2006/2xxx/CVE-2006-2187.json | 150 +++++------
 2006/2xxx/CVE-2006-2756.json | 170 ++++++------
 2006/2xxx/CVE-2006-2769.json | 270 +++++++++----------
 2006/2xxx/CVE-2006-2907.json | 34 +--
 2006/3xxx/CVE-2006-3398.json | 140 +++++-----
 2006/6xxx/CVE-2006-6000.json | 34 +--
 2006/6xxx/CVE-2006-6065.json | 170 ++++++------
 2006/6xxx/CVE-2006-6119.json | 150 +++++------
 2006/6xxx/CVE-2006-6664.json | 160 +++++------
 2006/7xxx/CVE-2006-7163.json | 120 ++++-----
 2011/0xxx/CVE-2011-0347.json | 200 +++++++-------
 2011/0xxx/CVE-2011-0537.json | 190 ++++++-------
 2011/0xxx/CVE-2011-0839.json | 120 ++++-----
 2011/0xxx/CVE-2011-0945.json | 130 ++++-----
 2011/1xxx/CVE-2011-1898.json | 190 ++++++-------
 2011/1xxx/CVE-2011-1918.json | 140 +++++-----
 2011/2xxx/CVE-2011-2287.json | 130 ++++-----
 2011/2xxx/CVE-2011-2822.json | 140 +++++-----
 2011/3xxx/CVE-2011-3331.json | 34 +--
 2011/3xxx/CVE-2011-3403.json | 140 +++++-----
 2011/3xxx/CVE-2011-3607.json | 410 ++++++++++++++---------------
 2011/3xxx/CVE-2011-3924.json | 220 ++++++++--------
 2011/4xxx/CVE-2011-4399.json | 34 +--
 2011/4xxx/CVE-2011-4910.json | 170 ++++++------
 2013/5xxx/CVE-2013-5028.json | 150 +++++------
 2013/5xxx/CVE-2013-5401.json | 130 ++++-----
 2013/5xxx/CVE-2013-5418.json | 150 +++++------
 2013/5xxx/CVE-2013-5561.json | 120 ++++-----
 2013/5xxx/CVE-2013-5903.json | 34 +--
 2014/2xxx/CVE-2014-2872.json | 120 ++++-----
 2014/6xxx/CVE-2014-6057.json | 34 +--
 2014/6xxx/CVE-2014-6159.json | 210 +++++++--------
 2014/6xxx/CVE-2014-6590.json | 140 +++++-----
 2014/7xxx/CVE-2014-7447.json | 140 +++++-----
 2014/7xxx/CVE-2014-7895.json | 140 +++++-----
 2017/0xxx/CVE-2017-0116.json | 150 +++++------
 2017/0xxx/CVE-2017-0724.json | 156 +++++------
 2017/0xxx/CVE-2017-0768.json | 180 ++++++-------
 2017/1000xxx/CVE-2017-1000027.json | 134 +++++-----
 2017/1000xxx/CVE-2017-1000132.json | 124 ++++-----
 2017/1xxx/CVE-2017-1110.json | 162 ++++++------
 2017/1xxx/CVE-2017-1293.json | 288 ++++++++++----------
 2017/1xxx/CVE-2017-1422.json | 142 +++++-----
 2017/1xxx/CVE-2017-1553.json | 148 +++++------
 2017/1xxx/CVE-2017-1811.json | 34 +--
 2017/1xxx/CVE-2017-1873.json | 34 +--
 2017/4xxx/CVE-2017-4365.json | 34 +--
 2017/4xxx/CVE-2017-4475.json | 34 +--
 2017/4xxx/CVE-2017-4932.json | 142 +++++-----
 2017/5xxx/CVE-2017-5243.json | 120 ++++-----
 2017/5xxx/CVE-2017-5798.json | 142 +++++-----
 2017/5xxx/CVE-2017-5854.json | 150 +++++------
 54 files changed, 3754 insertions(+), 3754 deletions(-)
diff --git a/2001/1xxx/CVE-2001-1170.json b/2001/1xxx/CVE-2001-1170.json
index a0a5045dee0..f22e6256c5b 100644
--- a/2001/1xxx/CVE-2001-1170.json
+++ b/2001/1xxx/CVE-2001-1170.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote attackers to steal account and PIN numbers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010929 Vulnerability in Amtote International homebet self service wagering system.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-09/0235.html" - }, - { - "name" : "3370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3370" - }, - { - "name" : "homebet-view-logfile(7186)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote attackers to steal account and PIN 
numbers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "homebet-view-logfile(7186)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7186" + }, + { + "name": "20010929 Vulnerability in Amtote International homebet self service wagering system.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0235.html" + }, + { + "name": "3370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3370" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1524.json b/2001/1xxx/CVE-2001-1524.json index 81e6dcd3e38..5e2f73a7670 100644 --- a/2001/1xxx/CVE-2001-1524.json +++ b/2001/1xxx/CVE-2001-1524.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011203 Phpnuke Cross site scripting vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/82/243545" - }, - { - "name" : "20011215 PHPNuke holes", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/245691" - }, - { - "name" : "20011216 Phpnuke module.php vulnerability and php error_reporting issue", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/245875" - }, - { - "name" : "20011220 1 last CSS hole in PHPNuke :)", - "refsource" : "VULN-DEV", - "url" : 
"http://online.securityfocus.com/archive/82/246603" - }, - { - "name" : "http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz" - }, - { - "name" : "3609", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3609" - }, - { - "name" : "phpnuke-postnuke-css(7654)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7654.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011215 PHPNuke holes", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/245691" + }, + { + "name": "20011220 1 last CSS hole in PHPNuke :)", + "refsource": "VULN-DEV", + "url": "http://online.securityfocus.com/archive/82/246603" + }, + { + "name": "phpnuke-postnuke-css(7654)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7654.php" + }, + { + "name": "20011216 Phpnuke module.php vulnerability and php error_reporting issue", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/245875" + }, + { + "name": "http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz", + "refsource": "CONFIRM", + "url": "http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz" + }, + { + "name": "20011203 Phpnuke Cross site scripting vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/82/243545" + }, + { + "name": "3609", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3609" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2187.json b/2006/2xxx/CVE-2006-2187.json index 9c5c25fc7ba..4b21e0706e2 100644 --- a/2006/2xxx/CVE-2006-2187.json +++ b/2006/2xxx/CVE-2006-2187.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060502 zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432718/100/0/threaded" - }, - { - "name" : "http://zone14.free.fr/advisories/2/", - "refsource" : "MISC", - "url" : "http://zone14.free.fr/advisories/2/" - }, - { - "name" : "17779", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17779" - }, - { - "name" : "zenphoto-index-i-xss(26219)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060502 zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432718/100/0/threaded" + }, + { + "name": "zenphoto-index-i-xss(26219)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26219" + }, + { + "name": "http://zone14.free.fr/advisories/2/", + "refsource": "MISC", + "url": "http://zone14.free.fr/advisories/2/" + }, + { + "name": "17779", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17779" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2756.json b/2006/2xxx/CVE-2006-2756.json index ddd88fb8329..35f0a9e506c 100644 --- a/2006/2xxx/CVE-2006-2756.json +++ b/2006/2xxx/CVE-2006-2756.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eitsop My Web Server 1.0 allows remote attackers to cause a denial of service (application crash) via a long GET request. NOTE: CVE analysis suggests that this is a different product, and therefore a different vulnerability, than CVE-2002-1897." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060525 my Web Server << v-1.0 Denial of Service Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2006/May/0563.html" - }, - { - "name" : "20060526 Re: my Web Server << v-1.0 Denial of Service Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2006/May/0601.html" - }, - { - "name" : "20060601 Re: my Web Server << v-1.0 Denial of Service Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0722.html" - }, - { - "name" : "18144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18144" - }, - { - "name" : "20335", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/20335" - }, - { - "name" : "mywebserver-http-dos(26885)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eitsop My Web Server 1.0 allows remote attackers to cause a denial of service (application crash) via a long GET request. NOTE: CVE analysis suggests that this is a different product, and therefore a different vulnerability, than CVE-2002-1897." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18144" + }, + { + "name": "20060525 my Web Server << v-1.0 Denial of Service Exploit", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2006/May/0563.html" + }, + { + "name": "20060526 Re: my Web Server << v-1.0 Denial of Service Exploit", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2006/May/0601.html" + }, + { + "name": "mywebserver-http-dos(26885)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26885" + }, + { + "name": "20335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20335" + }, + { + "name": "20060601 Re: my Web Server << v-1.0 Denial of Service Exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0722.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2769.json b/2006/2xxx/CVE-2006-2769.json index 31da2781d1b..efbc1a92f92 100644 --- a/2006/2xxx/CVE-2006-2769.json +++ b/2006/2xxx/CVE-2006-2769.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass \"uricontent\" rules via a carriage return (\\r) after the URL and before the HTTP declaration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060601 Snort HTTP Inspect Pre-Processor Uricontent Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435600/100/0/threaded" - }, - { - "name" : "20060602 New Snort Bypass - Patch - Bypass of Patch", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435734/100/0/threaded" - }, - { - "name" : "20060602 Re: New Snort Bypass - Patch - Bypass of Patch", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435797/100/0/threaded" - }, - { - "name" : "20060603 Re: New Snort Bypass - Patch - Bypass of Patch", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435872/100/0/threaded" - }, - { - "name" : 
"[Snort-devel] 20060531 Snort Uricontent Bypass Vulnerability", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=snort-devel&m=114909074311462&w=2" - }, - { - "name" : "http://www.demarc.com/support/downloads/patch_20060531", - "refsource" : "MISC", - "url" : "http://www.demarc.com/support/downloads/patch_20060531" - }, - { - "name" : "http://www.snort.org/pub-bin/snortnews.cgi#431", - "refsource" : "CONFIRM", - "url" : "http://www.snort.org/pub-bin/snortnews.cgi#431" - }, - { - "name" : "SUSE-SR:2006:014", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html" - }, - { - "name" : "18200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18200" - }, - { - "name" : "ADV-2006-2119", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2119" - }, - { - "name" : "25837", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25837" - }, - { - "name" : "1016191", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016191" - }, - { - "name" : "20413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20413" - }, - { - "name" : "20766", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20766" - }, - { - "name" : "1018", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1018" - }, - { - "name" : "snort-uricontent-rule-bypass(26855)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass \"uricontent\" rules via a carriage return (\\r) after the URL and before the HTTP declaration." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060603 Re: New Snort Bypass - Patch - Bypass of Patch", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435872/100/0/threaded" + }, + { + "name": "20060602 New Snort Bypass - Patch - Bypass of Patch", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435734/100/0/threaded" + }, + { + "name": "http://www.demarc.com/support/downloads/patch_20060531", + "refsource": "MISC", + "url": "http://www.demarc.com/support/downloads/patch_20060531" + }, + { + "name": "20766", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20766" + }, + { + "name": "18200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18200" + }, + { + "name": "20413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20413" + }, + { + "name": "20060601 Snort HTTP Inspect Pre-Processor Uricontent Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435600/100/0/threaded" + }, + { + "name": "ADV-2006-2119", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2119" + }, + { + "name": "1018", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1018" + }, + { + "name": "snort-uricontent-rule-bypass(26855)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26855" + }, + { + "name": "25837", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25837" + }, + { + "name": "SUSE-SR:2006:014", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html" + }, + { + "name": "1016191", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016191" + }, + { + "name": "[Snort-devel] 20060531 Snort Uricontent Bypass Vulnerability", + "refsource": "MLIST", + 
"url": "http://marc.info/?l=snort-devel&m=114909074311462&w=2" + }, + { + "name": "http://www.snort.org/pub-bin/snortnews.cgi#431", + "refsource": "CONFIRM", + "url": "http://www.snort.org/pub-bin/snortnews.cgi#431" + }, + { + "name": "20060602 Re: New Snort Bypass - Patch - Bypass of Patch", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435797/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2907.json b/2006/2xxx/CVE-2006-2907.json index 9f9b75fa3f4..7988e45ac2a 100644 --- a/2006/2xxx/CVE-2006-2907.json +++ b/2006/2xxx/CVE-2006-2907.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2907", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2907", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3398.json b/2006/3xxx/CVE-2006-3398.json index ec098d26c06..9366e98f466 100644 --- a/2006/3xxx/CVE-2006-3398.json +++ b/2006/3xxx/CVE-2006-3398.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"change password forms\" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.pkrinternet.com/taskjitsu/task/3400", - "refsource" : "MISC", - "url" : "https://www.pkrinternet.com/taskjitsu/task/3400" - }, - { - "name" : "http://www.pkrinternet.com/download/RELEASE-NOTES.txt", - "refsource" : "CONFIRM", - "url" : "http://www.pkrinternet.com/download/RELEASE-NOTES.txt" - }, - { - "name" : "ADV-2006-2660", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"change password forms\" in Taskjitsu before 2.0.1 includes password hashes in hidden form 
fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt", + "refsource": "CONFIRM", + "url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt" + }, + { + "name": "https://www.pkrinternet.com/taskjitsu/task/3400", + "refsource": "MISC", + "url": "https://www.pkrinternet.com/taskjitsu/task/3400" + }, + { + "name": "ADV-2006-2660", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2660" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6000.json b/2006/6xxx/CVE-2006-6000.json index 3bf975ceeae..584ad9c5bc0 100644 --- a/2006/6xxx/CVE-2006-6000.json +++ b/2006/6xxx/CVE-2006-6000.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6000", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-6000", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file 
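Review bot: The new side of CVE-2006-6000.json writes its top-level keys in a different order (`data_type`, `data_format`, `data_version`, then `CVE_data_meta` with `ID` before `ASSIGNER`) from the other records visible in this patch, which keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order means nothing to a JSON parser, but anyone who mirrors these records and hashes or text-diffs them will see churn unrelated to the advisory content; it also suggests, as an inference only, that more than one serializer writes these files. The record now ends without a final newline (`\ No newline at end of file`), as do the other files in this patch. Emitting one canonical form (fixed key order, stable `reference_data` order, trailing newline) would keep later synchronisation diffs limited to real data changes.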
diff --git a/2006/6xxx/CVE-2006-6065.json b/2006/6xxx/CVE-2006-6065.json
index e884faf2edc..dd04a2db900 100644
--- a/2006/6xxx/CVE-2006-6065.json
+++ b/2006/6xxx/CVE-2006-6065.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/mx_common.php in the CalSnails Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061120 mxBB calsnails module 1.06 Remote File Inclusion Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452142/100/0/threaded" - }, - { - "name" : "2799", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2799" - }, - { - "name" : "21143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21143" - }, - { - "name" : "ADV-2006-4612", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4612" - }, - { - "name" : "22931", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22931" - }, - { - "name" : "mxbbcalsnails-mxcommon-file-include(30369)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/30369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/mx_common.php in the CalSnails Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4612", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4612" + }, + { + "name": "2799", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2799" + }, + { + "name": "21143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21143" + }, + { + "name": "20061120 mxBB calsnails module 1.06 Remote File Inclusion Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452142/100/0/threaded" + }, + { + "name": "22931", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22931" + }, + { + "name": "mxbbcalsnails-mxcommon-file-include(30369)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30369" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6119.json b/2006/6xxx/CVE-2006-6119.json index 446c1a209eb..09a22af85fe 100644 --- a/2006/6xxx/CVE-2006-6119.json +++ b/2006/6xxx/CVE-2006-6119.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mmgallery 1.55 allows remote attackers to obtain sensitive information via a direct request for thumbs.php, which reveals the installation path in various error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061124 mmgallery Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452558/100/0/threaded" - }, - { - "name" : "1017283", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017283" - }, - { - "name" : "23130", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23130" - }, - { - "name" : "1917", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mmgallery 1.55 allows remote attackers to obtain sensitive information via a direct request for thumbs.php, which 
reveals the installation path in various error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1917", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1917" + }, + { + "name": "1017283", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017283" + }, + { + "name": "20061124 mmgallery Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452558/100/0/threaded" + }, + { + "name": "23130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23130" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6664.json b/2006/6xxx/CVE-2006-6664.json index 042659827bd..032803d380a 100644 --- a/2006/6xxx/CVE-2006-6664.json +++ b/2006/6xxx/CVE-2006-6664.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://marathon.sourceforge.net/release-notes/20061202.html", - "refsource" : "CONFIRM", - "url" : "http://marathon.sourceforge.net/release-notes/20061202.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=471964", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=471964" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=471971", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=471971" - }, - { - "name" : "ADV-2006-5064", - "refsource" 
: "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5064" - }, - { - "name" : "23380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://marathon.sourceforge.net/release-notes/20061202.html", + "refsource": "CONFIRM", + "url": "http://marathon.sourceforge.net/release-notes/20061202.html" + }, + { + "name": "ADV-2006-5064", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5064" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=471971", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=471971" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=471964", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=471964" + }, + { + "name": "23380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23380" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7163.json b/2006/7xxx/CVE-2006-7163.json index 96214fd0d01..3146716550d 100644 --- a/2006/7xxx/CVE-2006-7163.json +++ b/2006/7xxx/CVE-2006-7163.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecified authentication bypass. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecified authentication bypass. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19983" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0347.json b/2011/0xxx/CVE-2011-0347.json index c1305a89f50..6c27c32f602 100644 --- a/2011/0xxx/CVE-2011-0347.json +++ b/2011/0xxx/CVE-2011-0347.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515506/100/0/threaded" - }, - { - "name" : "20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html" - }, - { - "name" : "http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html", - "refsource" : "MISC", - "url" : "http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html" - }, - { - "name" : "http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt", - "refsource" : "MISC", 
- "url" : "http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt" - }, - { - "name" : "http://lcamtuf.coredump.cx/cross_fuzz/msie_display.jpg", - "refsource" : "MISC", - "url" : "http://lcamtuf.coredump.cx/cross_fuzz/msie_display.jpg" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/2490606.mspx", - "refsource" : "MISC", - "url" : "http://www.microsoft.com/technet/security/advisory/2490606.mspx" - }, - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx" - }, - { - "name" : "oval:org.mitre.oval:def:12514", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12514" - }, - { - "name" : "ms-ie-gui-weak-security(64571)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html", + "refsource": "MISC", + "url": "http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx" + }, + { + "name": "ms-ie-gui-weak-security(64571)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64571" + }, + { + "name": "20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html" + }, + { + "name": "20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515506/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:12514", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12514" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/2490606.mspx", + "refsource": "MISC", + "url": "http://www.microsoft.com/technet/security/advisory/2490606.mspx" + }, + { + "name": "http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt", + "refsource": "MISC", + "url": "http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt" + }, + { + "name": "http://lcamtuf.coredump.cx/cross_fuzz/msie_display.jpg", + "refsource": "MISC", + "url": "http://lcamtuf.coredump.cx/cross_fuzz/msie_display.jpg" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/0xxx/CVE-2011-0537.json b/2011/0xxx/CVE-2011-0537.json index 94cff7c6fe5..6b27126211d 100644 --- a/2011/0xxx/CVE-2011-0537.json +++ b/2011/0xxx/CVE-2011-0537.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20110201 MediaWiki security release 1.16.2", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html" - }, - { - "name" : "[oss-security] 20110201 CVE request: Server-side arbitrary script inclusion vulnerability in MediaWiki <=1.16.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/01/4" - }, - { - "name" : "[oss-security] 20110203 Re: CVE request: Server-side arbitrary script inclusion vulnerability in MediaWiki <=1.16.1", - 
"refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/03/3" - }, - { - "name" : "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz", - "refsource" : "MISC", - "url" : "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=27094", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=27094" - }, - { - "name" : "70798", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70798" - }, - { - "name" : "70799", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70799" - }, - { - "name" : "ADV-2011-0273", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0273", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0273" + }, + { + "name": "70799", + "refsource": "OSVDB", + "url": "http://osvdb.org/70799" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=27094", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=27094" + }, + { + "name": "[oss-security] 20110203 Re: CVE request: Server-side arbitrary script inclusion vulnerability in MediaWiki <=1.16.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/03/3" + }, + { + "name": "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz", + "refsource": "MISC", + "url": "http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.patch.gz" + }, + { + "name": "[MediaWiki-announce] 20110201 MediaWiki security release 1.16.2", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html" + }, + { + "name": "[oss-security] 20110201 CVE request: Server-side arbitrary script inclusion vulnerability in MediaWiki <=1.16.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/01/4" + }, + { + "name": "70798", + "refsource": "OSVDB", + "url": "http://osvdb.org/70798" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0839.json b/2011/0xxx/CVE-2011-0839.json index 0bc1d22680b..39364bd1acd 100644 --- a/2011/0xxx/CVE-2011-0839.json +++ b/2011/0xxx/CVE-2011-0839.json 
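Review bot: The `ASSIGNER` value in this record changes from `cve@mitre.org` to `secalert@redhat.com`, and as far as the visible lines show it is the only data change in the hunk. Everything else is churn: the `"key" : ` to `"key": ` respacing, the same eight `reference_data` entries in a different order, and a closing `}` that now has no newline after it. A consumer that tracks which CNA owns a record has to read past a whole-file rewrite to find that one field. Writing the references in their previous (or a sorted) order and keeping the final newline would reduce the hunk to the single line `"ASSIGNER": "secalert@redhat.com",`. The hunks for CVE-2011-0839, CVE-2011-0945 and CVE-2011-1918 bury their `ASSIGNER` changes (`secalert_us@oracle.com`, `psirt@cisco.com`, `cert@cert.org`) in the same way.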
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0945.json b/2011/0xxx/CVE-2011-0945.json index 4bb50cca4bb..85fd59e3c04 100644 --- a/2011/0xxx/CVE-2011-0945.json +++ b/2011/0xxx/CVE-2011-0945.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before 3.1.3S and 3.2.xS before 3.2.1S, when implemented over Fast Sequence Transport (FST), allows remote attackers to cause a denial of service (memory consumption and device reload or hang) via a crafted IP protocol 91 packet, aka Bug ID CSCth69364." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24116", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24116" - }, - { - "name" : "20110928 Cisco IOS Software Data-Link Switching Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4e.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before 3.1.3S and 3.2.xS before 3.2.1S, when implemented over Fast Sequence Transport (FST), allows remote attackers to cause a denial of service (memory consumption and device reload or hang) via a crafted IP protocol 91 packet, aka Bug ID CSCth69364." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110928 Cisco IOS Software Data-Link Switching Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d4e.shtml" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24116", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24116" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1898.json b/2011/1xxx/CVE-2011-1898.json index da2d5448023..f3cd89e7359 100644 --- a/2011/1xxx/CVE-2011-1898.json +++ b/2011/1xxx/CVE-2011-1898.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by \"using DMA to generate MSI interrupts by writing to the interrupt injection registers.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[xen-dev] 20110512 Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI", - "refsource" : "MLIST", - "url" : "http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html" - }, - { - "name" : "http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html", - "refsource" : "MISC", - "url" : "http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html" - }, - { - "name" : "http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf", - "refsource" : "MISC", - "url" : 
"http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf" - }, - { - "name" : "http://xen.org/download/index_4.0.2.html", - "refsource" : "CONFIRM", - "url" : "http://xen.org/download/index_4.0.2.html" - }, - { - "name" : "FEDORA-2011-8421", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html" - }, - { - "name" : "FEDORA-2011-8403", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html" - }, - { - "name" : "SUSE-SU-2011:0942", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html" - }, - { - "name" : "openSUSE-SU-2011:0941", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by \"using DMA to generate MSI interrupts by writing to the interrupt injection registers.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2011:0942", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html" + }, + { + "name": "http://xen.org/download/index_4.0.2.html", + "refsource": "CONFIRM", + "url": "http://xen.org/download/index_4.0.2.html" + }, + { + "name": "[xen-dev] 20110512 Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI", + "refsource": "MLIST", + "url": 
"http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html" + }, + { + "name": "FEDORA-2011-8403", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html" + }, + { + "name": "http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf", + "refsource": "MISC", + "url": "http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf" + }, + { + "name": "http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html", + "refsource": "MISC", + "url": "http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html" + }, + { + "name": "openSUSE-SU-2011:0941", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html" + }, + { + "name": "FEDORA-2011-8421", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1918.json b/2011/1xxx/CVE-2011-1918.json index 5459cca2c24..a53d16679db 100644 --- a/2011/1xxx/CVE-2011-1918.json +++ b/2011/1xxx/CVE-2011-1918.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Data Archiver service in GE Intelligent Platforms Proficy Historian before 3.5 SIM 17 and 4.x before 4.0 SIM 12 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-1918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-03.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-03.pdf" - }, - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-11-243-03A", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-11-243-03A" - }, - { - "name" : "50475", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the 
Data Archiver service in GE Intelligent Platforms Proficy Historian before 3.5 SIM 17 and 4.x before 4.0 SIM 12 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-03.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-03.pdf" + }, + { + "name": "50475", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50475" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-11-243-03A", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-11-243-03A" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2287.json b/2011/2xxx/CVE-2011-2287.json index fd5617178fb..936f9706d10 100644 --- a/2011/2xxx/CVE-2011-2287.json +++ b/2011/2xxx/CVE-2011-2287.json 
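Review bot: The only data change in this hunk is `"ASSIGNER": "cert@cert.org"` replacing `cve@mitre.org`, but it is buried in a rewrite of all 72 lines. The colon spacing changes on every line, `reference_data` comes back in a different order with no visible sort key (the BID `50475` entry now sits between the two ICSA-11-243-03 links), and the new file ends without a trailing newline. If downstream tools diff or hash these records to detect changes, a provenance change like this one is hard to audit. I would have the serializer emit `reference_data` in a stable order (for example sorted by `refsource`, then `name`) and end the file with a newline, so the change shows up as a one-line diff. The same applies to the CVE-2011-2287, CVE-2011-2822, CVE-2011-3403, CVE-2011-3607 and CVE-2011-3924 hunks below.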
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fingerd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fingerd." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2822.json b/2011/2xxx/CVE-2011-2822.json index 528c9936ffa..c5bbca5d848 100644 --- a/2011/2xxx/CVE-2011-2822.json +++ b/2011/2xxx/CVE-2011-2822.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=72492", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=72492" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html" - }, - { - "name" : "oval:org.mitre.oval:def:14611", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 13.0.782.215 on 
Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=72492", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=72492" + }, + { + "name": "oval:org.mitre.oval:def:14611", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14611" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3331.json b/2011/3xxx/CVE-2011-3331.json index 7a2ef772068..ab035786029 100644 --- a/2011/3xxx/CVE-2011-3331.json +++ b/2011/3xxx/CVE-2011-3331.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3331", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3331", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3403.json b/2011/3xxx/CVE-2011-3403.json index c41e8a2d44b..d57939476cb 100644 --- a/2011/3xxx/CVE-2011-3403.json +++ b/2011/3xxx/CVE-2011-3403.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka \"Record Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-3403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-096", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-096" - }, - { - "name" : "TA11-347A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-347A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14702", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in 
memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka \"Record Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14702", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14702" + }, + { + "name": "TA11-347A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html" + }, + { + "name": "MS11-096", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-096" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3607.json b/2011/3xxx/CVE-2011-3607.json index 99325a75def..748fcafe294 100644 --- a/2011/3xxx/CVE-2011-3607.json +++ b/2011/3xxx/CVE-2011-3607.json 
@@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111102 Integer Overflow in Apache ap_pregsub via mod-setenvif", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0023.html" - }, - { - "name" : "http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/", - "refsource" : "MISC", - "url" : "http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/" - }, - { - "name" : "http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html", - "refsource" : "MISC", - "url" : 
"http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=750935", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=750935" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "http://support.apple.com/kb/HT5501", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5501" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html", - "refsource" : "CONFIRM", - "url" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html" - }, - { - "name" : "APPLE-SA-2012-09-19-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" - }, - { - "name" : "DSA-2405", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2405" - }, - { - "name" : "HPSBMU02786", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" - }, - { - "name" : "SSRT100877", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" - }, - { - "name" : "HPSBOV02822", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134987041210674&w=2" - }, - { - "name" : "SSRT100966", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=134987041210674&w=2" - }, - { - "name" : "HPSBUX02761", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133494237717847&w=2" - }, - { - "name" : "SSRT100823", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133494237717847&w=2" - }, - { - "name" : "HPSBMU02748", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133294460209056&w=2" - }, - { - "name" : "SSRT100772", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133294460209056&w=2" - }, - { - "name" : "MDVSA-2012:003", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:003" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "RHSA-2012:0128", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0128.html" - }, - { - "name" : "RHSA-2012:0542", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0542.html" - }, - { - "name" : "RHSA-2012:0543", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0543.html" - }, - { - "name" : "50494", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50494" - }, - { - "name" : "76744", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/76744" - }, - { - "name" : "1026267", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1026267" - }, - { - "name" : "45793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45793" - }, - { - "name" : "48551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48551" - }, - { - "name" : "apache-http-appregsub-bo(71093)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02786", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" + }, + { + "name": "SSRT100966", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134987041210674&w=2" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422" + }, + { + "name": "http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html", + "refsource": "MISC", + "url": "http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html" + }, + { + "name": "RHSA-2012:0543", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0543.html" + }, + { + "name": "HPSBOV02822", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134987041210674&w=2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=750935", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750935" + }, + { + "name": "SSRT100772", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133294460209056&w=2" + }, + { + "name": "RHSA-2012:0128", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "45793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45793" + }, + { + "name": "HPSBMU02748", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133294460209056&w=2" + }, + { + "name": "50494", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50494" + }, + { + "name": "RHSA-2012:0542", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0542.html" + }, + { + "name": "1026267", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1026267" + }, + { + "name": "APPLE-SA-2012-09-19-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" + }, + { + "name": "http://support.apple.com/kb/HT5501", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5501" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html", + "refsource": "CONFIRM", + "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html" + }, + { + "name": "20111102 Integer Overflow in Apache ap_pregsub via mod-setenvif", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0023.html" + }, + { + "name": "SSRT100877", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" + }, + { + "name": "http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/", + "refsource": "MISC", + "url": "http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/" + }, + { + "name": "76744", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/76744" + }, + { + "name": 
"HPSBUX02761", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133494237717847&w=2" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "48551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48551" + }, + { + "name": "DSA-2405", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2405" + }, + { + "name": "SSRT100823", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133494237717847&w=2" + }, + { + "name": "apache-http-appregsub-bo(71093)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71093" + }, + { + "name": "MDVSA-2012:003", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:003" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3924.json b/2011/3xxx/CVE-2011-3924.json index 35d49124f7e..c90cefe4a14 100644 --- a/2011/3xxx/CVE-2011-3924.json +++ b/2011/3xxx/CVE-2011-3924.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=106484", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=106484" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : 
"CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:13887", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13887" - }, - { - "name" : "1026569", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026569" - }, - { - "name" : "47694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=106484", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=106484" + }, + { + "name": "1026569", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026569" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + }, + { + "name": "oval:org.mitre.oval:def:13887", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13887" + }, + { + "name": "47694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47694" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4399.json b/2011/4xxx/CVE-2011-4399.json index ef09d5d5cbd..abc32dffa0b 100644 --- a/2011/4xxx/CVE-2011-4399.json 
+++ b/2011/4xxx/CVE-2011-4399.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4399", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4399", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4910.json b/2011/4xxx/CVE-2011-4910.json index 28f6e124be0..1855bc7f141 100644 --- a/2011/4xxx/CVE-2011-4910.json +++ b/2011/4xxx/CVE-2011-4910.json 
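Review bot: This record is written with a different top-level key order from the other records in the patch. Here `data_type`, `data_format` and `data_version` precede `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas CVE-2011-3331 (also a record without references, earlier in this patch) keeps `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. JSON parsers ignore key order, so nothing breaks, but the mismatch suggests two different writers, and any byte-level comparison or checksum of a record becomes unreliable when they alternate. I would pick one canonical order (sorted keys is the simplest) and apply it to every record. No values change in this hunk (it is still `"STATE": "REJECT"`), so with a single order it would reduce to a formatting-only diff.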
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111225 CVE-request for three 2009 Joomla issues (second part)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/12/25/3" - }, - { - "name" : "[oss-security] 20111225 Re: CVE-request for three 2009 Joomla issues (second part)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/12/25/8" - }, - { - "name" : "http://developer.joomla.org/security/news/299-20090605-core-frontend-xss-phpself-not-properly-filtered.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/news/299-20090605-core-frontend-xss-phpself-not-properly-filtered.html" - }, - { - "name" : "35544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35544" - }, - { - "name" : 
"55590", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/55590" - }, - { - "name" : "35668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://developer.joomla.org/security/news/299-20090605-core-frontend-xss-phpself-not-properly-filtered.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/news/299-20090605-core-frontend-xss-phpself-not-properly-filtered.html" + }, + { + "name": "35668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35668" + }, + { + "name": "55590", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/55590" + }, + { + "name": "[oss-security] 20111225 Re: CVE-request for three 2009 Joomla issues (second part)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/12/25/8" + }, + { + "name": "35544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35544" + }, + { + "name": "[oss-security] 20111225 CVE-request for three 2009 Joomla issues (second part)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/12/25/3" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5028.json b/2013/5xxx/CVE-2013-5028.json index 16806f4e53a..395db4512ad 100644 --- a/2013/5xxx/CVE-2013-5028.json +++ b/2013/5xxx/CVE-2013-5028.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) hardwareStatus, or (3) hardwareLocation parameter in a search command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/123193", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/123193" - }, - { - "name" : "http://www.kwoksys.com/wiki/index.php?title=Release_Notes", - "refsource" : "MISC", - "url" : "http://www.kwoksys.com/wiki/index.php?title=Release_Notes" - }, - { - "name" : "kwok-cve20135028-hardwarelist-sql-injection(87067)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87067" - }, - { - "name" : "kwokinformationserver-unspec-sql-injection(86363)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86363" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) hardwareStatus, or (3) hardwareLocation parameter in a search command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kwoksys.com/wiki/index.php?title=Release_Notes", + "refsource": "MISC", + "url": "http://www.kwoksys.com/wiki/index.php?title=Release_Notes" + }, + { + "name": "kwok-cve20135028-hardwarelist-sql-injection(87067)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87067" + }, + { + "name": "http://packetstormsecurity.com/files/123193", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/123193" + }, + { + "name": "kwokinformationserver-unspec-sql-injection(86363)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86363" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5401.json b/2013/5xxx/CVE-2013-5401.json index cdaa2ffd1b1..162b22f1ac0 100644 --- a/2013/5xxx/CVE-2013-5401.json +++ b/2013/5xxx/CVE-2013-5401.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The command-port listener in IBM WebSphere MQ Internet Pass-Thru (MQIPT) 2.x before 2.1.0.1 allows remote attackers to cause a denial of service (remote-administration outage) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666863", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666863" - }, - { - "name" : "ibm-websphere-cve20135401-dos(87297)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The command-port listener in IBM WebSphere MQ Internet Pass-Thru (MQIPT) 2.x before 2.1.0.1 allows remote attackers to cause a denial of service (remote-administration outage) via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-websphere-cve20135401-dos(87297)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87297" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21666863", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666863" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5418.json b/2013/5xxx/CVE-2013-5418.json index 3ae745aeaac..60562eb3972 100644 --- a/2013/5xxx/CVE-2013-5418.json +++ b/2013/5xxx/CVE-2013-5418.json 
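Review bot: The only data change in this hunk is `"ASSIGNER"` going from `cve@mitre.org` to `psirt@us.ibm.com`, and it is hard to spot because every other line is rewritten as well: the key separator changes from `" : "` to `": "` and the two `reference_data` entries swap places with identical content. Emitting `reference_data` in a fixed order (for example sorted by `url`) and landing the formatting change in its own commit would leave a one-line diff that a consumer relying on the assigner field can verify. The same assigner change inside a whole-file rewrite is visible for CVE-2011-4910 (`secalert@redhat.com`), CVE-2013-5418, CVE-2013-5561 (`psirt@cisco.com`), CVE-2014-6159, CVE-2014-6590 (`secalert_us@oracle.com`) and CVE-2014-7447 (`cert@cert.org`); CVE-2013-5028 changes nothing but formatting and reference order.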
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?&uid=swg21651880", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?&uid=swg21651880" - }, - { - "name" : "PM96477", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM96477" - }, - { - "name" : "63778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63778" - }, - { - "name" : "was-cve20135418-url-xss(87480)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM96477", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM96477" + }, + { + "name": "63778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63778" + }, + { + "name": "was-cve20135418-url-xss(87480)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87480" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?&uid=swg21651880", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?&uid=swg21651880" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5561.json b/2013/5xxx/CVE-2013-5561.json index 45728b2fb0e..add5dec692d 100644 --- a/2013/5xxx/CVE-2013-5561.json +++ b/2013/5xxx/CVE-2013-5561.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Safe Search enforcement feature in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended policy restrictions via unspecified vectors, aka Bug ID CSCui94622." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131101 Cisco ASA CX Safe Search Policy Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Safe Search enforcement feature in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended policy restrictions via unspecified vectors, aka Bug ID CSCui94622." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131101 Cisco ASA CX Safe Search Policy Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5561" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5903.json b/2013/5xxx/CVE-2013-5903.json index 9b4012ab4cd..2bf927138dc 100644 --- a/2013/5xxx/CVE-2013-5903.json +++ b/2013/5xxx/CVE-2013-5903.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5903", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5093, CVE-2013-5942, CVE-2013-5943. Reason: This candidate is a duplicate of CVE-2013-5093, CVE-2013-5942, and CVE-2013-5943. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-5093, CVE-2013-5942, and/or CVE-2013-5943 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5903", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5093, CVE-2013-5942, CVE-2013-5943. Reason: This candidate is a duplicate of CVE-2013-5093, CVE-2013-5942, and CVE-2013-5943. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2013-5093, CVE-2013-5942, and/or CVE-2013-5943 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2872.json b/2014/2xxx/CVE-2014-2872.json index fef080bdfdb..dc66112cf2a 100644 --- a/2014/2xxx/CVE-2014-2872.json +++ b/2014/2xxx/CVE-2014-2872.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory listing via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#437385", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/437385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory listing via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#437385", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/437385" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6057.json b/2014/6xxx/CVE-2014-6057.json index bfbb46c50dc..eec4671b869 100644 --- a/2014/6xxx/CVE-2014-6057.json +++ b/2014/6xxx/CVE-2014-6057.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6057", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6057", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6159.json b/2014/6xxx/CVE-2014-6159.json index daf59252d99..194006ff1d5 100644 --- a/2014/6xxx/CVE-2014-6159.json +++ b/2014/6xxx/CVE-2014-6159.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688051", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688051" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693197", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" - }, - { - "name" : "IT04730", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04730" - }, - { - "name" : "IT05074", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05074" - }, - { - "name" : "IT05105", - "refsource" : "AIXAPAR", - "url" : 
"http://www-01.ibm.com/support/docview.wss?uid=swg1IT05105" - }, - { - "name" : "IT05132", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05132" - }, - { - "name" : "71006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71006" - }, - { - "name" : "62093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62093" - }, - { - "name" : "62092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62092" - }, - { - "name" : "ibm-db2-cve20146159-dos(97708)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62092" + }, + { + "name": "IT05074", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05074" + }, + { + "name": "71006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71006" + }, + { + "name": "IT04730", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04730" + }, + { + "name": "IT05132", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05132" + }, + { + "name": "ibm-db2-cve20146159-dos(97708)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97708" + }, + { + "name": "62093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62093" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693197" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688051", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688051" + }, + { + "name": "IT05105", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05105" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6590.json b/2014/6xxx/CVE-2014-6590.json index 35ee4facc22..c0dafe3de71 100644 --- a/2014/6xxx/CVE-2014-6590.json +++ b/2014/6xxx/CVE-2014-6590.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "GLSA-201612-27", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-27" - }, - { - "name" : "openSUSE-SU-2015:0229", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201612-27", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-27" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "openSUSE-SU-2015:0229", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7447.json b/2014/7xxx/CVE-2014-7447.json index c4650696edb..52784276fd8 100644 --- a/2014/7xxx/CVE-2014-7447.json +++ b/2014/7xxx/CVE-2014-7447.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Dattch - The Lesbian App (aka com.dattch.dattch.app) application 0.30 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#174529", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/174529" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Dattch - The Lesbian App (aka 
com.dattch.dattch.app) application 0.30 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#174529", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/174529" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7895.json b/2014/7xxx/CVE-2014-7895.json index e9747cf152a..c85f20b65e8 100644 --- a/2014/7xxx/CVE-2014-7895.json +++ b/2014/7xxx/CVE-2014-7895.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers, aka ZDI-CAN-2505." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-7895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBHF03279", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" - }, - { - "name" : "SSRT101689", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" - }, - { - "name" : "1031840", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers, aka ZDI-CAN-2505." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031840", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031840" + }, + { + "name": "SSRT101689", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" + }, + { + "name": "HPSBHF03279", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0116.json b/2017/0xxx/CVE-2017-0116.json index 294d0a86c63..055dd9a2965 100644 --- a/2017/0xxx/CVE-2017-0116.json +++ b/2017/0xxx/CVE-2017-0116.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Uniscribe", - "version" : { - "version_data" : [ - { - "version_value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Uniscribe", + "version": { + "version_data": [ + { + "version_value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41655", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41655/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0116", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0116" - }, - { - "name" : "96665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96665" - }, - { - "name" : "1037992", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0116", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0116" + }, + { + "name": "96665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96665" + }, + { + "name": "1037992", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037992" + }, + { + "name": "41655", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41655/" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0724.json b/2017/0xxx/CVE-2017-0724.json index 5d0b4a12a07..9e2bc7ba856 100644 --- a/2017/0xxx/CVE-2017-0724.json +++ b/2017/0xxx/CVE-2017-0724.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-08-07T00:00:00", - "ID" : "CVE-2017-0724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36819262." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-08-07T00:00:00", + "ID": "CVE-2017-0724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-08-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-08-01" - }, - { - "name" : "100204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36819262." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100204" + }, + { + "name": "https://source.android.com/security/bulletin/2017-08-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-08-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0768.json b/2017/0xxx/CVE-2017-0768.json index 01b6ceeec20..e3f3680d951 100644 --- a/2017/0xxx/CVE-2017-0768.json +++ b/2017/0xxx/CVE-2017-0768.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "4.4.4" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "4.4.4" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100649" + }, + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000027.json b/2017/1000xxx/CVE-2017-1000027.json index e035da913f4..0316174893f 100644 --- a/2017/1000xxx/CVE-2017-1000027.json +++ b/2017/1000xxx/CVE-2017-1000027.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.277072", - "ID" : "CVE-2017-1000027", - "REQUESTER" : "cptest311@frontier.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Koozali SME Server", - "version" : { - "version_data" : [ - { - "version_value" : "8.x, 9.x, 10.x" - } - ] - } - } - ] - }, - "vendor_name" : "Koozali Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Open URL Redirect" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.277072", + "ID": "CVE-2017-1000027", + "REQUESTER": "cptest311@frontier.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cp270.wordpress.com/2017/02/02/security-advisory-open-url-redirect-in-sme-server/", - "refsource" : "MISC", - "url" : "https://cp270.wordpress.com/2017/02/02/security-advisory-open-url-redirect-in-sme-server/" - }, - { - "name" : "https://forums.contribs.org/index.php/topic,52838.0.html", - "refsource" : "MISC", - "url" : "https://forums.contribs.org/index.php/topic,52838.0.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forums.contribs.org/index.php/topic,52838.0.html", + "refsource": "MISC", + "url": "https://forums.contribs.org/index.php/topic,52838.0.html" + }, + { + "name": "https://cp270.wordpress.com/2017/02/02/security-advisory-open-url-redirect-in-sme-server/", + "refsource": "MISC", + "url": "https://cp270.wordpress.com/2017/02/02/security-advisory-open-url-redirect-in-sme-server/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000132.json b/2017/1000xxx/CVE-2017-1000132.json index 4e0f985e366..a2bfb47b61f 100644 --- a/2017/1000xxx/CVE-2017-1000132.json +++ b/2017/1000xxx/CVE-2017-1000132.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.345301", - "ID" : "CVE-2017-1000132", - "REQUESTER" : "info@mahara.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mahara", - "version" : { - "version_data" : [ - { - "version_value" : "<1.8.7, <1.9.5, <1.10.3, <15.04.0" - } - ] - } - } - ] - }, - "vendor_name" : "Mahara" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.345301", + "ID": "CVE-2017-1000132", + "REQUESTER": "info@mahara.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/mahara/+bug/1190788", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/mahara/+bug/1190788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files 
that can have its code executed when a user tries to download the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/mahara/+bug/1190788", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/mahara/+bug/1190788" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1110.json b/2017/1xxx/CVE-2017-1110.json index 8e96d83325f..985991812d6 100644 --- a/2017/1xxx/CVE-2017-1110.json +++ b/2017/1xxx/CVE-2017-1110.json 
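Review bot: The new side resets the structured fields to placeholders (`"product_name": "n/a"`, `"vendor_name": "n/a"`, `"version_value": "n/a"` and problemtype `"value": "n/a"`), although the description in the same record still names Mahara 1.8 before 1.8.7 through 15.04 before 15.04.0. Consumers that match on `affects` or `problemtype` rather than on free text will presumably stop matching this record. I would keep `"product_name": "Mahara"`, `"version_value": "<1.8.7, <1.9.5, <1.10.3, <15.04.0"` and `"value": "Cross Site Scripting (XSS)"` from the old side unless the reset is intended and documented. The preceding CVE-2017-1000027 hunk does the same to its Koozali SME Server product, version and `Open URL Redirect` fields.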
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-14T00:00:00", - "ID" : "CVE-2017-1110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cram Social Program Management", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - }, - { - "version_value" : "6.1.0" - }, - { - "version_value" : "6.1.1" - }, - { - "version_value" : "6.2.0" - }, - { - "version_value" : "7.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-14T00:00:00", + "ID": "CVE-2017-1110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cram Social Program Management", + "version": { + "version_data": [ + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + }, + { + "version_value": "6.1.0" + }, + { + "version_value": "6.1.1" + }, + { + "version_value": "6.2.0" + }, + { + "version_value": "7.0.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22007161", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22007161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22007161", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22007161" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1293.json b/2017/1xxx/CVE-2017-1293.json index 781fc530aaf..283c531426a 100644 --- a/2017/1xxx/CVE-2017-1293.json +++ b/2017/1xxx/CVE-2017-1293.json 
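Review bot: `"product_name": "Cram Social Program Management"` is carried unchanged onto the new side, while the description in the same record reads "IBM Curam Social Program Management", so the product name looks like a typo. Since the file is being rewritten anyway, I would correct it to `"product_name": "Curam Social Program Management"` after confirming the name with the assigner, so that product-based matching agrees with the description.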
@@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-28T00:00:00", - "ID" : "CVE-2017-1293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - }, - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125154." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-06-28T00:00:00", + "ID": "CVE-2017-1293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + }, + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-prd-trops.events.ibm.com/node/715749", - "refsource" : "CONFIRM", - "url" : "https://www-prd-trops.events.ibm.com/node/715749" - }, - { - "name" : "ibm-rqm-cve20171293-xss(125154)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125154." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-rqm-cve20171293-xss(125154)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125154" + }, + { + "name": "https://www-prd-trops.events.ibm.com/node/715749", + "refsource": "CONFIRM", + "url": "https://www-prd-trops.events.ibm.com/node/715749" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1422.json b/2017/1xxx/CVE-2017-1422.json index 32dc9bee3b1..92acdde825c 100644 --- a/2017/1xxx/CVE-2017-1422.json +++ b/2017/1xxx/CVE-2017-1422.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-18T00:00:00", - "ID" : "CVE-2017-1422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MaaS360 DTM", - "version" : { - "version_data" : [ - { - "version_value" : "3.81" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-18T00:00:00", + "ID": "CVE-2017-1422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MaaS360 DTM", + "version": { + "version_data": [ + { + "version_value": "3.81" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127412", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127412" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006985", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006985" - }, - { - "name" : "100415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM MaaS360 DTM 
all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100415" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006985", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006985" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127412", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127412" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1553.json b/2017/1xxx/CVE-2017-1553.json index 21fe97c2d2d..2105d7f6de7 100644 --- a/2017/1xxx/CVE-2017-1553.json +++ b/2017/1xxx/CVE-2017-1553.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-10-25T00:00:00", - "ID" : "CVE-2017-1553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigInsights", - "version" : { - "version_data" : [ - { - "version_value" : "4.2.0" - }, - { - "version_value" : "4.2.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-10-25T00:00:00", + "ID": "CVE-2017-1553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigInsights", + "version": { + "version_data": [ + { + "version_value": "4.2.0" + }, + { + "version_value": "4.2.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131397", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131397" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22009192", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22009192" - }, - { - "name" : "101588", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/101588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22009192", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22009192" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131397", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131397" + }, + { + "name": "101588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101588" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1811.json b/2017/1xxx/CVE-2017-1811.json index 04e2849e2cd..3c11a1e5349 100644 --- a/2017/1xxx/CVE-2017-1811.json +++ b/2017/1xxx/CVE-2017-1811.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1811", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1811", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1873.json b/2017/1xxx/CVE-2017-1873.json index be494443b2b..edabbf3bb81 100644 --- a/2017/1xxx/CVE-2017-1873.json +++ b/2017/1xxx/CVE-2017-1873.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1873", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1873", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4365.json b/2017/4xxx/CVE-2017-4365.json index ca5033e0104..f45015ae90f 100644 --- a/2017/4xxx/CVE-2017-4365.json +++ b/2017/4xxx/CVE-2017-4365.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4365", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4365", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4475.json b/2017/4xxx/CVE-2017-4475.json index 029c17afaf7..b2ff6e601b3 100644 --- a/2017/4xxx/CVE-2017-4475.json +++ b/2017/4xxx/CVE-2017-4475.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4475", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4475", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4932.json b/2017/4xxx/CVE-2017-4932.json index d2a429ec19a..6a8eb3ff220 100644 --- a/2017/4xxx/CVE-2017-4932.json +++ b/2017/4xxx/CVE-2017-4932.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2017-11-08T00:00:00", - "ID" : "CVE-2017-4932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VMware AirWatch Launcher for Android (AWL)", - "version" : { - "version_data" : [ - { - "version_value" : "before 3.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Successful exploitation of this issue could result in an escalation of privilege." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2017-11-08T00:00:00", + "ID": "CVE-2017-4932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VMware AirWatch Launcher for Android (AWL)", + "version": { + "version_data": [ + { + "version_value": "before 3.2.2" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html" - }, - { - "name" : "101771", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101771" - }, - { - "name" : "1039750", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039750" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Successful exploitation of this issue could result in an escalation of privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039750", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039750" + }, + { + "name": "https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html" + }, + { + "name": "101771", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101771" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5243.json b/2017/5xxx/CVE-2017-5243.json index 24737a5b3b8..857f6c733e4 100644 --- a/2017/5xxx/CVE-2017-5243.json +++ b/2017/5xxx/CVE-2017-5243.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2017-5243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nexpose hardware appliance", - "version" : { - "version_data" : [ - { - "version_value" : "All Nexpose hardware appliances shipped before June 2017." - } - ] - } - } - ] - }, - "vendor_name" : "Rapid7" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-327 (Use of a Broken or Risky Cryptographic Algorithm)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2017-5243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nexpose hardware appliance", + "version": { + "version_data": [ + { + "version_value": "All Nexpose hardware appliances shipped before June 2017." 
+ } + ] + } + } + ] + }, + "vendor_name": "Rapid7" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/nexpose/blog/2017/05/31/r7-2017-13-nexpose-hardware-appliance-ssh-enabled-obsolete-algorithms-cve-2017-5243", - "refsource" : "CONFIRM", - "url" : "https://community.rapid7.com/community/nexpose/blog/2017/05/31/r7-2017-13-nexpose-hardware-appliance-ssh-enabled-obsolete-algorithms-cve-2017-5243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327 (Use of a Broken or Risky Cryptographic Algorithm)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.rapid7.com/community/nexpose/blog/2017/05/31/r7-2017-13-nexpose-hardware-appliance-ssh-enabled-obsolete-algorithms-cve-2017-5243", + "refsource": "CONFIRM", + "url": "https://community.rapid7.com/community/nexpose/blog/2017/05/31/r7-2017-13-nexpose-hardware-appliance-ssh-enabled-obsolete-algorithms-cve-2017-5243" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5798.json b/2017/5xxx/CVE-2017-5798.json index a288666eecb..33a1e5cb7e8 100644 --- a/2017/5xxx/CVE-2017-5798.json +++ b/2017/5xxx/CVE-2017-5798.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-03-20T00:00:00", - "ID" : "CVE-2017-5798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenCall Media Platform (OCMP)", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x)" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-03-20T00:00:00", + "ID": "CVE-2017-5798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenCall Media Platform (OCMP)", + "version": { + "version_data": [ + { + "version_value": "prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x)" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41927", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41927/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03686en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03686en_us" - }, - { - "name" : 
"98013", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41927", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41927/" + }, + { + "name": "98013", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98013" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03686en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03686en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5854.json b/2017/5xxx/CVE-2017-5854.json index 0295342e765..aec94fa4c92 100644 --- a/2017/5xxx/CVE-2017-5854.json +++ b/2017/5xxx/CVE-2017-5854.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170201 podofo: NULL pointer dereference in PdfOutputStream.cpp", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/01/14" - }, - { - "name" : "[oss-security] 20170202 Re: podofo: NULL pointer dereference in PdfOutputStream.cpp", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/02/12" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp/" - }, - { - "name" : "96072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96072" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp/" + }, + { + "name": "96072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96072" + }, + { + "name": "[oss-security] 20170202 Re: podofo: NULL pointer dereference in PdfOutputStream.cpp", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/02/12" + }, + { + "name": "[oss-security] 20170201 podofo: NULL pointer dereference in PdfOutputStream.cpp", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/01/14" + } + ] + } +} \ No newline at end of file