From 5adacb0be8011bf7b4d15f862614d26a9a48ec09 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 04:22:46 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/3xxx/CVE-2006-3122.json | 200 +++++++-------- 2006/3xxx/CVE-2006-3356.json | 140 +++++------ 2006/3xxx/CVE-2006-3557.json | 130 +++++----- 2006/3xxx/CVE-2006-3714.json | 230 ++++++++--------- 2006/4xxx/CVE-2006-4119.json | 130 +++++----- 2006/4xxx/CVE-2006-4538.json | 360 +++++++++++++-------------- 2006/4xxx/CVE-2006-4784.json | 160 ++++++------ 2006/4xxx/CVE-2006-4929.json | 34 +-- 2006/4xxx/CVE-2006-4967.json | 170 ++++++------- 2006/6xxx/CVE-2006-6192.json | 130 +++++----- 2006/6xxx/CVE-2006-6288.json | 240 +++++++++--------- 2006/6xxx/CVE-2006-6515.json | 130 +++++----- 2006/6xxx/CVE-2006-6551.json | 130 +++++----- 2006/7xxx/CVE-2006-7193.json | 150 +++++------ 2010/2xxx/CVE-2010-2261.json | 120 ++++----- 2010/2xxx/CVE-2010-2338.json | 170 ++++++------- 2010/2xxx/CVE-2010-2581.json | 160 ++++++------ 2011/0xxx/CVE-2011-0235.json | 170 ++++++------- 2011/0xxx/CVE-2011-0450.json | 190 +++++++------- 2011/0xxx/CVE-2011-0706.json | 220 ++++++++--------- 2011/0xxx/CVE-2011-0727.json | 310 +++++++++++------------ 2011/0xxx/CVE-2011-0800.json | 120 ++++----- 2011/0xxx/CVE-2011-0959.json | 160 ++++++------ 2011/1xxx/CVE-2011-1174.json | 240 +++++++++--------- 2011/1xxx/CVE-2011-1202.json | 230 ++++++++--------- 2011/1xxx/CVE-2011-1254.json | 130 +++++----- 2011/1xxx/CVE-2011-1626.json | 34 +-- 2011/1xxx/CVE-2011-1680.json | 290 +++++++++++----------- 2011/4xxx/CVE-2011-4123.json | 34 +-- 2011/4xxx/CVE-2011-4246.json | 120 ++++----- 2011/4xxx/CVE-2011-4675.json | 140 +++++------ 2011/4xxx/CVE-2011-4921.json | 160 ++++++------ 2011/5xxx/CVE-2011-5138.json | 130 +++++----- 2011/5xxx/CVE-2011-5242.json | 130 +++++----- 2014/2xxx/CVE-2014-2537.json | 150 +++++------ 2014/2xxx/CVE-2014-2548.json | 34 +-- 2014/2xxx/CVE-2014-2574.json | 34 +-- 2014/2xxx/CVE-2014-2613.json | 140 +++++------ 2014/2xxx/CVE-2014-2789.json | 150 +++++------ 2014/3xxx/CVE-2014-3389.json | 120 
++++----- 2014/3xxx/CVE-2014-3418.json | 180 +++++++------- 2014/3xxx/CVE-2014-3555.json | 190 +++++++------- 2014/3xxx/CVE-2014-3710.json | 440 ++++++++++++++++----------------- 2014/6xxx/CVE-2014-6296.json | 130 +++++----- 2014/6xxx/CVE-2014-6684.json | 140 +++++------ 2014/6xxx/CVE-2014-6773.json | 140 +++++------ 2014/6xxx/CVE-2014-6809.json | 34 +-- 2014/6xxx/CVE-2014-6993.json | 140 +++++------ 2014/7xxx/CVE-2014-7716.json | 140 +++++------ 2014/7xxx/CVE-2014-7832.json | 150 +++++------ 2014/7xxx/CVE-2014-7997.json | 140 +++++------ 2016/2xxx/CVE-2016-2308.json | 120 ++++----- 2017/0xxx/CVE-2017-0018.json | 140 +++++------ 2017/0xxx/CVE-2017-0717.json | 34 +-- 2017/0xxx/CVE-2017-0793.json | 132 +++++----- 2017/18xxx/CVE-2017-18260.json | 120 ++++----- 2017/1xxx/CVE-2017-1434.json | 152 ++++++------ 2017/1xxx/CVE-2017-1482.json | 142 +++++------ 2017/1xxx/CVE-2017-1543.json | 34 +-- 2017/1xxx/CVE-2017-1672.json | 138 +++++------ 2017/1xxx/CVE-2017-1686.json | 34 +-- 2017/5xxx/CVE-2017-5671.json | 160 ++++++------ 2017/5xxx/CVE-2017-5843.json | 190 +++++++------- 2017/5xxx/CVE-2017-5899.json | 150 +++++------ 64 files changed, 4795 insertions(+), 4795 deletions(-) diff --git a/2006/3xxx/CVE-2006-3122.json b/2006/3xxx/CVE-2006-3122.json index 530338a3d40..bc4444a31dd 100644 --- a/2006/3xxx/CVE-2006-3122.json +++ b/2006/3xxx/CVE-2006-3122.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with \"corrupt lease uid.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-3122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380273", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380273" - }, - { - "name" : "DSA-1143", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1143" - }, - { - "name" : "[3.9] 20060825 006: SECURITY FIX: August 25, 2006", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata.html#dhcpd" - }, - { - "name" : "19348", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19348" - }, - { - "name" : "ADV-2006-3158", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/3158" - }, - { - "name" : "1016755", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016755" - }, - { - "name" : "21345", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21345" - }, - { - "name" : "21363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21363" - }, - { - "name" : "21655", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with \"corrupt lease uid.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380273", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380273" + }, + { + "name": "DSA-1143", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1143" + }, + { + "name": "ADV-2006-3158", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3158" + }, + { + "name": "21655", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21655" + }, + { + "name": "21363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21363" + }, + { + "name": "[3.9] 20060825 006: SECURITY FIX: August 25, 2006", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata.html#dhcpd" + }, + { + "name": "19348", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19348" + 
}, + { + "name": "21345", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21345" + }, + { + "name": "1016755", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016755" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3356.json b/2006/3xxx/CVE-2006-3356.json index 552d883ad59..cea31da2380 100644 --- a/2006/3xxx/CVE-2006-3356.json +++ b/2006/3xxx/CVE-2006-3356.json 
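Review bot: In the CVE-2006-3122.json hunk, `"ASSIGNER"` changes from `cve@mitre.org` to `security@debian.org`, but every other line of the record is rewritten too (`"key" : ` becomes `"key": `, and the nine `reference_data` entries are reordered without any being added or dropped). The one substantive provenance change is therefore hard to spot, and the subject `"-Synchronized-Data."` does not mention it. Anything downstream that attributes or filters records by assigner would benefit from that change landing separately from the formatting pass, or at least being named in the commit message. The new reference order follows no visible key, so it may differ again on the next sync; emitting `reference_data` in a stable order, for example by `refsource` then `name`, would keep later diffs limited to real content changes. The new side also ends with `\ No newline at end of file`, so the serializer should write a trailing newline. The same formatting-only rewrite and missing final newline recur in the CVE-2006-3356, -3557, -3714, -4119, -4538, -4784 and -4929 sections, where `ASSIGNER` is unchanged.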
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.security-protocols.com/sp-x31-advisory.php", - "refsource" : "MISC", - "url" : "http://www.security-protocols.com/sp-x31-advisory.php" - }, - { - "name" : "ADV-2006-2606", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2606" - }, - { - "name" : "macosx-tifffetcharray-dos(27482)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TIFFFetchAnyArray function in 
ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2606", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2606" + }, + { + "name": "macosx-tifffetcharray-dos(27482)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27482" + }, + { + "name": "http://www.security-protocols.com/sp-x31-advisory.php", + "refsource": "MISC", + "url": "http://www.security-protocols.com/sp-x31-advisory.php" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3557.json b/2006/3xxx/CVE-2006-3557.json index bc72de8a72c..fbcd364d6b5 100644 --- a/2006/3xxx/CVE-2006-3557.json +++ b/2006/3xxx/CVE-2006-3557.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060709 MT Örümcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439611/100/0/threaded" - }, - { - "name" : "1235", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1235", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1235" + }, + { + "name": "20060709 MT Örümcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439611/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3714.json b/2006/3xxx/CVE-2006-3714.json index 3386c06dd88..bb4384af62a 100644 --- a/2006/3xxx/CVE-2006-3714.json +++ b/2006/3xxx/CVE-2006-3714.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in OC4J for Oracle Application Server 10.1.2.0.2 and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS10." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "TA06-200A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" - 
}, - { - "name" : "19054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19054" - }, - { - "name" : "ADV-2006-2863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2863" - }, - { - "name" : "ADV-2006-2947", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2947" - }, - { - "name" : "1016529", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016529" - }, - { - "name" : "21111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21111" - }, - { - "name" : "21165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21165" - }, - { - "name" : "oracle-cpu-july-2006(27897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in OC4J for Oracle Application Server 10.1.2.0.2 and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS10." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016529", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016529" + }, + { + "name": "19054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19054" + }, + { + "name": "oracle-cpu-july-2006(27897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" + }, + { + "name": "21165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21165" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "ADV-2006-2947", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2947" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "TA06-200A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" + }, + { + "name": "21111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21111" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" + }, + { + "name": "ADV-2006-2863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2863" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4119.json b/2006/4xxx/CVE-2006-4119.json index e4414a8dcdf..b3d8c03c704 100644 --- a/2006/4xxx/CVE-2006-4119.json +++ b/2006/4xxx/CVE-2006-4119.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21355", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21355" - }, - { - "name" : "geheimchaos-gc-registieren-sql-injection(28221)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. 
NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21355", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21355" + }, + { + "name": "geheimchaos-gc-registieren-sql-injection(28221)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28221" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4538.json b/2006/4xxx/CVE-2006-4538.json index 6bf1ffaeadb..d330f4b3ce5 100644 --- a/2006/4xxx/CVE-2006-4538.json +++ b/2006/4xxx/CVE-2006-4538.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lkml.org/lkml/2006/9/4/116", - "refsource" : "CONFIRM", - "url" : "http://lkml.org/lkml/2006/9/4/116" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=8833ebaa3f4325820fe3338ccf6fae04f6669254", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=8833ebaa3f4325820fe3338ccf6fae04f6669254" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.11", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.11" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm", - "refsource" : "CONFIRM", - 
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm" - }, - { - "name" : "DSA-1233", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1233" - }, - { - "name" : "DSA-1237", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1237" - }, - { - "name" : "MDKSA-2007:060", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:060" - }, - { - "name" : "RHSA-2007:0014", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0014.html" - }, - { - "name" : "RHSA-2007:1049", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-1049.html" - }, - { - "name" : "RHSA-2008:0787", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0787.html" - }, - { - "name" : "SUSE-SA:2006:079", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" - }, - { - "name" : "USN-347-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-347-1" - }, - { - "name" : "19702", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19702" - }, - { - "name" : "oval:org.mitre.oval:def:10301", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10301" - }, - { - "name" : "ADV-2006-3670", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3670" - }, - { - "name" : "21999", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21999" - }, - { - "name" : "21967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21967" - }, - { - "name" : "23370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23370" - }, - { - "name" : "23395", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23395" - }, - { - "name" : "23997", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/23997" - }, - { - "name" : "24206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24206" - }, - { - "name" : "24482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24482" - }, - { - "name" : "23474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23474" - }, - { - "name" : "27913", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27913" - }, - { - "name" : "33280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2006:079", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" + }, + { + "name": "oval:org.mitre.oval:def:10301", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10301" + }, + { + "name": "RHSA-2007:1049", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-1049.html" + }, + { + "name": "27913", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27913" + }, + { + "name": "RHSA-2007:0014", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0014.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm" + }, + { + "name": 
"http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.11", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.11" + }, + { + "name": "DSA-1237", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1237" + }, + { + "name": "33280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33280" + }, + { + "name": "24206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24206" + }, + { + "name": "23474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23474" + }, + { + "name": "21967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21967" + }, + { + "name": "USN-347-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-347-1" + }, + { + "name": "ADV-2006-3670", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3670" + }, + { + "name": "DSA-1233", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1233" + }, + { + "name": "23370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23370" + }, + { + "name": "21999", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21999" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=8833ebaa3f4325820fe3338ccf6fae04f6669254", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=8833ebaa3f4325820fe3338ccf6fae04f6669254" + }, + { + "name": "23997", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23997" + }, + { + "name": "24482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24482" + }, + { + "name": "http://lkml.org/lkml/2006/9/4/116", + "refsource": "CONFIRM", + "url": "http://lkml.org/lkml/2006/9/4/116" + }, + { + "name": "19702", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19702" + }, + { + "name": "RHSA-2008:0787", + 
"refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0787.html" + }, + { + "name": "23395", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23395" + }, + { + "name": "MDKSA-2007:060", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:060" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4784.json b/2006/4xxx/CVE-2006-4784.json index 4ae3ca23a16..dfa561195d5 100644 --- a/2006/4xxx/CVE-2006-4784.json +++ b/2006/4xxx/CVE-2006-4784.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.moodle.org/en/Release_Notes#Moodle_1.6.2", - "refsource" : "CONFIRM", - "url" : "http://docs.moodle.org/en/Release_Notes#Moodle_1.6.2" - }, - { - "name" : "19995", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19995" - }, - { - "name" : "ADV-2006-3591", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3591" - }, - { - "name" : "21899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21899" - }, - { - "name" : "moodle-index-xss(28905)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://docs.moodle.org/en/Release_Notes#Moodle_1.6.2", + "refsource": "CONFIRM", + "url": "http://docs.moodle.org/en/Release_Notes#Moodle_1.6.2" + }, + { + "name": "19995", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19995" + }, + { + "name": "21899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21899" + }, + { + "name": "moodle-index-xss(28905)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28905" + }, + { + "name": "ADV-2006-3591", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3591" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4929.json b/2006/4xxx/CVE-2006-4929.json index d711c233ea4..4866e710416 100644 --- a/2006/4xxx/CVE-2006-4929.json +++ b/2006/4xxx/CVE-2006-4929.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4929", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4929", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4967.json b/2006/4xxx/CVE-2006-4967.json index 9b2c2a41be0..3e8106f4f8c 100644 --- a/2006/4xxx/CVE-2006-4967.json +++ b/2006/4xxx/CVE-2006-4967.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search action in index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060915 NextAge Cart Cross-Site Scripting multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446412/100/0/threaded" - }, - { - "name" : "20040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20040" - }, - { - "name" : "ADV-2006-3709", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3709" - }, - { - "name" : "1016888", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016888" - }, - { - "name" : "22030", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22030" - }, - { - "name" : "1625", - "refsource" : 
"SREASON", - "url" : "http://securityreason.com/securityalert/1625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search action in index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060915 NextAge Cart Cross-Site Scripting multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446412/100/0/threaded" + }, + { + "name": "22030", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22030" + }, + { + "name": "20040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20040" + }, + { + "name": "1016888", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016888" + }, + { + "name": "1625", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1625" + }, + { + "name": "ADV-2006-3709", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3709" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6192.json b/2006/6xxx/CVE-2006-6192.json index a9845d35d85..2c9b28ff4ec 100644 --- a/2006/6xxx/CVE-2006-6192.json +++ b/2006/6xxx/CVE-2006-6192.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3.0 and earlier do not properly perform authentication, which allows remote attackers to add users and perform certain other unauthorized privileged actions. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-4742", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4742" - }, - { - "name" : "23098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3.0 and earlier do not properly perform authentication, which allows remote attackers to add users and perform certain other unauthorized 
privileged actions. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4742", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4742" + }, + { + "name": "23098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23098" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6288.json b/2006/6xxx/CVE-2006-6288.json index af622902277..6207e872242 100644 --- a/2006/6xxx/CVE-2006-6288.json +++ b/2006/6xxx/CVE-2006-6288.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c; (2) a skin file with long button names, because of an overflow in the main_skin_check_ini_value function in skin.c; and (3) a skin file with long bitmap filenames, because of an overflow in the main_skin_open function in skin.c." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071227 Re: Re: Re: TotalPlayer 3.0 .m3u crash", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485578/100/100/threaded" - }, - { - "name" : "20071227 Re: Re: TotalPlayer 3.0 .m3u crash", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485564/100/100/threaded" - }, - { - "name" : "20071227 Re: TotalPlayer 3.0 .m3u crash", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/485547/100/100/threaded" - }, - { - "name" : "20061213 Coolplayer buffer overflow vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051269.html" - }, - { - "name" : "4839", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4839" - }, - { - "name" : "http://coolplayer.cvs.sourceforge.net/coolplayer/Main/stdafx.h?view=log", - "refsource" : "CONFIRM", - "url" : "http://coolplayer.cvs.sourceforge.net/coolplayer/Main/stdafx.h?view=log" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=31900&release_id=467783", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=31900&release_id=467783" - }, - { - "name" : "21396", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21396" - }, - { - "name" : "ADV-2006-4806", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4806" - }, - { - "name" : 
"23360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23360" - }, - { - "name" : "coolplayer-unspecified-bo(30658)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30658" - }, - { - "name" : "coolplayer-mainskincheck-bo(30861)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30861" - }, - { - "name" : "coolplayer-mainskinopen-bo(30863)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c; (2) a skin file with long button names, because of an overflow in the main_skin_check_ini_value function in skin.c; and (3) a skin file with long bitmap filenames, because of an overflow in the main_skin_open function in skin.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "coolplayer-mainskinopen-bo(30863)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30863" + }, + { + "name": "23360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23360" + }, + { + "name": "http://coolplayer.cvs.sourceforge.net/coolplayer/Main/stdafx.h?view=log", + "refsource": "CONFIRM", + "url": "http://coolplayer.cvs.sourceforge.net/coolplayer/Main/stdafx.h?view=log" + }, + { + "name": "20061213 Coolplayer buffer overflow vulnerabilities", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051269.html" + }, + { + "name": "ADV-2006-4806", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4806" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=31900&release_id=467783", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=31900&release_id=467783" + }, + { + "name": "20071227 Re: TotalPlayer 3.0 .m3u crash", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485547/100/100/threaded" + }, + { + "name": "4839", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4839" + }, + { + "name": "20071227 Re: Re: TotalPlayer 3.0 .m3u crash", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485564/100/100/threaded" + }, + { + "name": "coolplayer-mainskincheck-bo(30861)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30861" + }, + { + "name": "20071227 Re: Re: Re: TotalPlayer 3.0 .m3u crash", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/485578/100/100/threaded" + }, + { + "name": "21396", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/21396" + }, + { + "name": "coolplayer-unspecified-bo(30658)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30658" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6515.json b/2006/6xxx/CVE-2006-6515.json index 9744c237210..38104750109 100644 --- a/2006/6xxx/CVE-2006-6515.json +++ b/2006/6xxx/CVE-2006-6515.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to \"reporter\" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=469627", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=469627" - }, - { - "name" : "http://www.mantisbugtracker.com/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbugtracker.com/changelog.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to \"reporter\" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=469627", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=469627" + }, + { + "name": "http://www.mantisbugtracker.com/changelog.php", + "refsource": "CONFIRM", + "url": "http://www.mantisbugtracker.com/changelog.php" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6551.json b/2006/6xxx/CVE-2006-6551.json index 9aa3b57fdcb..dcfdcf6178c 100644 --- a/2006/6xxx/CVE-2006-6551.json +++ b/2006/6xxx/CVE-2006-6551.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _ENV[TCA_HOME] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2896", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2896" - }, - { - "name" : "tucows-domainutils-file-include(30789)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the 
_ENV[TCA_HOME] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2896", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2896" + }, + { + "name": "tucows-domainutils-file-include(30789)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30789" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7193.json b/2006/7xxx/CVE-2006-7193.json index 8924f996418..1faf9f34df1 100644 --- a/2006/7xxx/CVE-2006-7193.json +++ b/2006/7xxx/CVE-2006-7193.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061023 Smarty-2.6.1 Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116163668213491&w=2" - }, - { - "name" : "20061024 Re: Smarty-2.6.1 Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116170769322920&w=2" - }, - { - "name" : "31096", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31096" - }, - { - "name" : "smarty-test-file-include(29739)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061023 Smarty-2.6.1 Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116163668213491&w=2" + }, + { + "name": "31096", + "refsource": "OSVDB", + "url": "http://osvdb.org/31096" + }, + { + "name": "20061024 Re: Smarty-2.6.1 Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116170769322920&w=2" + }, + { + "name": "smarty-test-file-include(29739)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29739" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2261.json b/2010/2xxx/CVE-2010-2261.json index 945005b149b..7a8bb23f760 100644 --- a/2010/2xxx/CVE-2010-2261.json +++ b/2010/2xxx/CVE-2010-2261.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100608 IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511733/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) data2 and (2) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100608 IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511733/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2338.json b/2010/2xxx/CVE-2010-2338.json index 40c20782c90..85a465ae38e 100644 --- a/2010/2xxx/CVE-2010-2338.json +++ b/2010/2xxx/CVE-2010-2338.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13842", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13842" - }, - { - "name" : "http://packetstormsecurity.org/1006-exploits/vuwebvisitoranalyst-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1006-exploits/vuwebvisitoranalyst-sql.txt" - }, - { - "name" : "65483", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65483" - }, - { - "name" : "40176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40176" - }, - { - "name" : "ADV-2010-1460", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1460" - }, - { - "name" : 
"webvisitor-login-page-sql-injection(59396)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40176" + }, + { + "name": "webvisitor-login-page-sql-injection(59396)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59396" + }, + { + "name": "13842", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13842" + }, + { + "name": "ADV-2010-1460", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1460" + }, + { + "name": "http://packetstormsecurity.org/1006-exploits/vuwebvisitoranalyst-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1006-exploits/vuwebvisitoranalyst-sql.txt" + }, + { + "name": "65483", + "refsource": "OSVDB", + "url": "http://osvdb.org/65483" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2581.json b/2010/2xxx/CVE-2010-2581.json index d3332c0715c..16f455684d3 100644 --- a/2010/2xxx/CVE-2010-2581.json +++ b/2010/2xxx/CVE-2010-2581.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm chunk with an invalid (1) size and (2) number of sub-chunks, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2010-2581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20101029 Secunia Research: Adobe Shockwave Player \"pamm\" Chunk Parsing Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/514559/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2010-113/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2010-113/" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-25.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-25.html" - }, - { - "name" : 
"oval:org.mitre.oval:def:12185", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12185" - }, - { - "name" : "1024664", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm chunk with an invalid (1) size and (2) number of sub-chunks, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1024664", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024664" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-25.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html" + }, + { + "name": "20101029 Secunia Research: Adobe Shockwave Player \"pamm\" Chunk Parsing Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/514559/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:12185", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12185" + }, + { + "name": "http://secunia.com/secunia_research/2010-113/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2010-113/" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0235.json b/2011/0xxx/CVE-2011-0235.json index 1f10bcd7349..a1ff922fcda 100644 --- a/2011/0xxx/CVE-2011-0235.json 
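Review bot: The reassignment of `ASSIGNER` in `CVE_data_meta` from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com` at the top of this hunk is not mentioned in the commit subject ("-Synchronized-Data.") and is buried among whitespace-only changes. The CVE-2011-0235.json hunk does the same with `product-security@apple.com`. Every other changed line in both hunks is a `"key" :` to `"key":` reformat or a reordering of `reference_data`, so the one field that records which CNA a record is attributed to is easy to miss. Consumers that filter or weight records by `ASSIGNER` would presumably see these entries change attribution, so I would put such changes in their own commit or name them in the message, e.g. `Update ASSIGNER for CVE-2010-2581 and CVE-2011-0235`. Separately, the new side of each file ends with `\ No newline at end of file`; keeping the trailing newline would avoid a spurious last-line change on the next sync.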
+++ b/2011/0xxx/CVE-2011-0235.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0450.json b/2011/0xxx/CVE-2011-0450.json index 0ac917839cd..88b5bfaa7c6 100644 --- a/2011/0xxx/CVE-2011-0450.json +++ b/2011/0xxx/CVE-2011-0450.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-0450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/windows/1101/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1101/" - }, - { - "name" : "http://www.opera.com/support/kb/view/985/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/985/" - }, - { - "name" : "JVN#33880169", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN33880169/index.html" - }, - { - "name" : "JVNDB-2011-000010", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000010.html" - }, - { - "name" : "70726", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70726" - }, - { - "name" : 
"oval:org.mitre.oval:def:12369", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12369" - }, - { - "name" : "43023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43023" - }, - { - "name" : "ADV-2011-0231", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/support/kb/view/985/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/985/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1101/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1101/" + }, + { + "name": "ADV-2011-0231", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0231" + }, + { + "name": "oval:org.mitre.oval:def:12369", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12369" + }, + { + "name": "JVNDB-2011-000010", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000010.html" + }, + { + "name": "70726", + "refsource": "OSVDB", + "url": "http://osvdb.org/70726" + }, + { + "name": "JVN#33880169", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN33880169/index.html" + }, + { + "name": "43023", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/43023" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0706.json b/2011/0xxx/CVE-2011-0706.json index f8aefa6255e..4a9c5901394 100644 --- a/2011/0xxx/CVE-2011-0706.json +++ b/2011/0xxx/CVE-2011-0706.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=677332", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=677332" - }, - { - "name" : "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/", - "refsource" : "CONFIRM", - "url" : "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/" - }, - { - "name" : "DSA-2224", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2224" - }, - { - "name" : "FEDORA-2011-1631", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html" - }, - { - "name" : "FEDORA-2011-1645", - 
"refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "MDVSA-2011:054", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054" - }, - { - "name" : "46439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46439" - }, - { - "name" : "oval:org.mitre.oval:def:14117", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117" - }, - { - "name" : "43350", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43350" - }, - { - "name" : "icedtea-jnlpclassloader-priv-esc(65534)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of \"an inappropriate security descriptor.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-1631", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "FEDORA-2011-1645", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html" + }, + { + "name": 
"46439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46439" + }, + { + "name": "icedtea-jnlpclassloader-priv-esc(65534)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65534" + }, + { + "name": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/", + "refsource": "CONFIRM", + "url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/" + }, + { + "name": "43350", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43350" + }, + { + "name": "DSA-2224", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2224" + }, + { + "name": "oval:org.mitre.oval:def:14117", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14117" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=677332", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677332" + }, + { + "name": "MDVSA-2011:054", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0727.json b/2011/0xxx/CVE-2011-0727.json index f1dee9b764c..4d8f66b9fe3 100644 --- a/2011/0xxx/CVE-2011-0727.json +++ b/2011/0xxx/CVE-2011-0727.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2011-0727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[gdm-list] 20110328 GDM 2.32.1 released", - "refsource" : "MLIST", - "url" : "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html" - }, - { - "name" : "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news", - "refsource" : "CONFIRM", - "url" : "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=688323", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=688323" - }, - { - "name" : "DSA-2205", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2205" - }, - { - "name" : "FEDORA-2011-4335", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html" - }, - { - "name" : "FEDORA-2011-4351", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html" - }, - { - "name" : "MDVSA-2011:070", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070" - }, - { - "name" : "RHSA-2011:0395", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0395.html" - }, - { - "name" : "USN-1099-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1099-1" - }, - { - "name" : "47063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47063" - }, - { - "name" : "1025264", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025264" - }, - { - "name" : "43714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43714" - }, - { - "name" : "43854", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43854" - }, - { - "name" : "44021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44021" - }, - { - "name" : "ADV-2011-0786", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0786" - }, - { - "name" : "ADV-2011-0787", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0787" - }, - { - "name" : "ADV-2011-0797", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0797" - }, - { - "name" : "ADV-2011-0847", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0847" - }, - { - "name" : "ADV-2011-0911", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0911" - }, - { - "name" : "display-manager-priv-escalation(66377)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1099-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1099-1" + }, + { + "name": "43714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43714" + }, + { + "name": "1025264", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025264" + }, + { + "name": "FEDORA-2011-4351", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057931.html" + }, + { + "name": "43854", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43854" + }, + { + "name": "ADV-2011-0847", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0847" + }, + { + "name": "ADV-2011-0787", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0787" + }, + { + "name": "display-manager-priv-escalation(66377)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66377" + }, + { + "name": "ADV-2011-0911", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0911" + }, + { + "name": "MDVSA-2011:070", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:070" + }, + { + "name": "DSA-2205", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2205" + }, + { + "name": "RHSA-2011:0395", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0395.html" + }, + { + "name": "47063", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/47063" + }, + { + "name": "ADV-2011-0786", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0786" + }, + { + "name": "[gdm-list] 20110328 GDM 2.32.1 released", + "refsource": "MLIST", + "url": "http://mail.gnome.org/archives/gdm-list/2011-March/msg00020.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=688323", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688323" + }, + { + "name": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news", + "refsource": "CONFIRM", + "url": "http://ftp.gnome.org/pub/GNOME/sources/gdm/2.32/gdm-2.32.1.news" + }, + { + "name": "44021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44021" + }, + { + "name": "FEDORA-2011-4335", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057333.html" + }, + { + "name": "ADV-2011-0797", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0797" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0800.json b/2011/0xxx/CVE-2011-0800.json index 7cbfe600090..3e85b16aa2c 100644 --- a/2011/0xxx/CVE-2011-0800.json +++ b/2011/0xxx/CVE-2011-0800.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0959.json b/2011/0xxx/CVE-2011-0959.json index 0aa57d6fd75..542e4b193c1 100644 --- a/2011/0xxx/CVE-2011-0959.json +++ b/2011/0xxx/CVE-2011-0959.json 
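Review bot: The change of `ASSIGNER` from `cve@mitre.org` to `secalert_us@oracle.com` is the only value that differs in this hunk, but it sits inside a rewrite of nearly every line for key spacing (`"ID" :` becomes `"ID":`), so a textual review cannot easily separate the attribution change from the formatting. Landing the spacing normalisation separately from the data change, or comparing the parsed records instead of the text, would make the reassignment auditable; the subject line `-Synchronized-Data.` does not mention it. The new side also ends at `}` with `\ No newline at end of file`, where a trailing newline is the usual convention for a tracked file. The same pattern appears in the CVE-2011-0235, -0450, -0706, -0727, -0959 and -1174 hunks, where the `reference_data` entries are additionally reordered, so consumers should not treat their order as meaningful.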
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17304", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17304" - }, - { - "name" : "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html" - }, - { - "name" : "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf", - "refsource" : "MISC", - "url" : "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf" - }, - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085" - }, - { - "name" : "cisco-uom-multiple-xss(67521)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName 
parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23085" + }, + { + "name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf", + "refsource": "MISC", + "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf" + }, + { + "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html" + }, + { + "name": "17304", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17304" + }, + { + "name": "cisco-uom-multiple-xss(67521)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67521" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1174.json b/2011/1xxx/CVE-2011-1174.json index f3a0622bfd4..b7a644b6eb3 100644 --- a/2011/1xxx/CVE-2011-1174.json +++ b/2011/1xxx/CVE-2011-1174.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110317 CVE request for Asterisk flaws", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/17/5" - }, - { - "name" : "[oss-security] 20110321 Re: CVE request for Asterisk flaws", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/21/12" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2011-003.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2011-003.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=688675", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=688675" - }, 
- { - "name" : "DSA-2225", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2225" - }, - { - "name" : "FEDORA-2011-3958", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html" - }, - { - "name" : "FEDORA-2011-3942", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html" - }, - { - "name" : "FEDORA-2011-3945", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html" - }, - { - "name" : "46897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46897" - }, - { - "name" : "1025223", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025223" - }, - { - "name" : "ADV-2011-0686", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0686" - }, - { - "name" : "ADV-2011-0790", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0790" - }, - { - "name" : "asterisk-writes-dos(66139)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-3945", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html" + }, + { + "name": "DSA-2225", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2225" + }, + { + "name": "FEDORA-2011-3942", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=688675", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688675" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2011-003.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2011-003.html" + }, + { + "name": "[oss-security] 20110317 CVE request for Asterisk flaws", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/17/5" + }, + { + "name": "46897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46897" + }, + { + "name": "asterisk-writes-dos(66139)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66139" + }, + { + "name": "FEDORA-2011-3958", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html" + }, + { + "name": "ADV-2011-0686", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0686" + }, + { + "name": "ADV-2011-0790", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0790" + }, + { + "name": "1025223", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025223" + }, + { + "name": "[oss-security] 20110321 Re: CVE request for Asterisk flaws", + "refsource": "MLIST", + "url": 
"http://openwall.com/lists/oss-security/2011/03/21/12" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1202.json b/2011/1xxx/CVE-2011-1202.json index 58d46c0a9e9..5a5ad6f1554 100644 --- a/2011/1xxx/CVE-2011-1202.json +++ b/2011/1xxx/CVE-2011-1202.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=73716", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=73716" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : 
"http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" - }, - { - "name" : "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f", - "refsource" : "CONFIRM", - "url" : "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=684386", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=684386" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100144158", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100144158" - }, - { - "name" : "MDVSA-2011:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" - }, - { - "name" : "MDVSA-2012:164", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164" - }, - { - "name" : "46785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46785" - }, - { - "name" : "oval:org.mitre.oval:def:14244", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244" - }, - { - "name" : "ADV-2011-0628", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0628" - }, - { - "name" : "google-xslt-info-disclosure(65966)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14244", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244" + }, + { + "name": "46785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46785" + }, + { + "name": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f", + "refsource": "CONFIRM", + "url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f" + }, + { + "name": "MDVSA-2011:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=73716", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=73716" + }, + { + "name": "google-xslt-info-disclosure(65966)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=684386", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386" + }, + { + "name": "MDVSA-2012:164", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100144158", + "refsource": "CONFIRM", 
+ "url": "http://downloads.avaya.com/css/P8/documents/100144158" + }, + { + "name": "ADV-2011-0628", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0628" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1254.json b/2011/1xxx/CVE-2011-1254.json index f2752331952..981ab2bb03a 100644 --- a/2011/1xxx/CVE-2011-1254.json +++ b/2011/1xxx/CVE-2011-1254.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"Drag and Drop Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-050", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050" - }, - { - "name" : "oval:org.mitre.oval:def:12368", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12368" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object 
that (1) was not properly initialized or (2) is deleted, aka \"Drag and Drop Memory Corruption Vulnerability.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "MS11-050",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:12368",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12368"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/1xxx/CVE-2011-1626.json b/2011/1xxx/CVE-2011-1626.json
index 1c061f50ba8..86a33ce6128 100644
--- a/2011/1xxx/CVE-2011-1626.json
+++ b/2011/1xxx/CVE-2011-1626.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-1626",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-1626",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/1xxx/CVE-2011-1680.json b/2011/1xxx/CVE-2011-1680.json
index 41e2a8441b8..6f2aee5ebf5 100644
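Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secure@microsoft.com` in the CVE-2011-1254 hunk, and from `cve@mitre.org` to `secalert@redhat.com` in the CVE-2011-4921 hunk, yet nothing in the commit subject mentions it. Every other changed line in these two hunks is a whitespace reformat (`"key" : ` to `"key": `) or, for CVE-2011-4921, a reordering of `reference_data` entries, so the one provenance-relevant edit is easy to miss when reading the diff. Consumers that attribute or filter records by `ASSIGNER` will see these two records move to a different assigner after the sync. A subject along the lines of `Synchronized data; ASSIGNER updated for CVE-2011-1254 and CVE-2011-4921` would make that visible. Each rewritten file in the visible part of the diff also ends with `\ No newline at end of file`, which is worth confirming as intended for files kept in version control.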
--- a/2011/1xxx/CVE-2011-1680.json
+++ b/2011/1xxx/CVE-2011-1680.json
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/11" - }, - { - "name" : "[oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/9" - }, - { - "name" : "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/10" - }, - { - "name" : "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/12" - }, - 
{ - "name" : "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/05/3" - }, - { - "name" : "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/05/7" - }, - { - "name" : "[oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/07/9" - }, - { - "name" : "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/14/5" - }, - { - "name" : "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/14/7" - }, - { - "name" : "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/14/16" - }, - { - "name" : "[oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/15/6" - }, - { - "name" : "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/22/4" - }, - { - "name" : "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/22/6" - }, - { - "name" : "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/31/3" - }, - { - "name" : "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate 
RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/31/4" - }, - { - "name" : "[oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/01/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=688980", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=688980" - }, - { - "name" : "ncpfs-mtab-unspecified(66700)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/14/5" + }, + { + "name": "[oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/9" + }, + { + "name": "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/22/6" + }, + { + "name": "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/22/4" + }, + { + "name": "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", 
+ "url": "http://openwall.com/lists/oss-security/2011/03/05/7" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=688980", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688980" + }, + { + "name": "[oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/07/9" + }, + { + "name": "ncpfs-mtab-unspecified(66700)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66700" + }, + { + "name": "[oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/01/2" + }, + { + "name": "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/10" + }, + { + "name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/14/16" + }, + { + "name": "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/31/4" + }, + { + "name": "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/12" + }, + { + "name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/14/7" + }, + { + "name": "[oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/11" + }, + { + "name": "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + 
"url": "http://openwall.com/lists/oss-security/2011/03/05/3"
+ },
+ {
+ "name": "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
+ "refsource": "MLIST",
+ "url": "http://openwall.com/lists/oss-security/2011/03/31/3"
+ },
+ {
+ "name": "[oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE",
+ "refsource": "MLIST",
+ "url": "http://openwall.com/lists/oss-security/2011/03/15/6"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/4xxx/CVE-2011-4123.json b/2011/4xxx/CVE-2011-4123.json
index 47e5af0f5a3..84000b75536 100644
--- a/2011/4xxx/CVE-2011-4123.json
+++ b/2011/4xxx/CVE-2011-4123.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-4123",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-3874. Reason: This candidate is a duplicate of CVE-2011-3874. Notes: All CVE users should reference CVE-2011-3874 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2011-4123",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-3874. Reason: This candidate is a duplicate of CVE-2011-3874. Notes: All CVE users should reference CVE-2011-3874 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/4xxx/CVE-2011-4246.json b/2011/4xxx/CVE-2011-4246.json
index 167bf3a47ab..febcd47dab4 100644
--- a/2011/4xxx/CVE-2011-4246.json
+++ b/2011/4xxx/CVE-2011-4246.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/11182011_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/11182011_player/en/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.real.com/realplayer/security/11182011_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/11182011_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4675.json b/2011/4xxx/CVE-2011-4675.json index c1bd7044fae..a440157f0bc 100644 --- a/2011/4xxx/CVE-2011-4675.json +++ b/2011/4xxx/CVE-2011-4675.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021", - "refsource" : "CONFIRM", - "url" : "http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960" - }, - { - "name" : "widelands-filesystem-file-overwrite(71626)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021", + "refsource": "CONFIRM", + "url": "http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021" + }, + { + "name": "widelands-filesystem-file-overwrite(71626)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71626" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4921.json b/2011/4xxx/CVE-2011-4921.json index 03891f1df9c..79c81db122a 100644 --- a/2011/4xxx/CVE-2011-4921.json +++ b/2011/4xxx/CVE-2011-4921.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120104 Re: CVE-request: Multiple e107 vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/01/04/3" - }, - { - "name" : "51253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51253" - }, - { - "name" : "78050", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78050" - }, - { - "name" : "46706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46706" - }, - { - "name" : "e107inc-usersettings-sql-injection(72011)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72011" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46706" + }, + { + "name": "e107inc-usersettings-sql-injection(72011)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72011" + }, + { + "name": "78050", + "refsource": "OSVDB", + "url": "http://osvdb.org/78050" + }, + { + "name": "51253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51253" + }, + { + "name": "[oss-security] 20120104 Re: CVE-request: Multiple e107 vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/01/04/3" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5138.json b/2011/5xxx/CVE-2011-5138.json index bd5f033626c..2e67c74d557 100644 --- a/2011/5xxx/CVE-2011-5138.json +++ b/2011/5xxx/CVE-2011-5138.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in member.php in tForum b0.915 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a viewprofile action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/view/108184/tforum-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/108184/tforum-sqlxss.txt" - }, - { - "name" : "tforum-member-xss(71973)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in member.php in tForum b0.915 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a viewprofile action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tforum-member-xss(71973)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71973" + }, + { + "name": "http://packetstormsecurity.org/files/view/108184/tforum-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/108184/tforum-sqlxss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5242.json b/2011/5xxx/CVE-2011-5242.json index 25eaf856205..fc69521f422 100644 --- a/2011/5xxx/CVE-2011-5242.json +++ b/2011/5xxx/CVE-2011-5242.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.unrest.ca/peerjacking", - "refsource" : "MISC", - "url" : "http://www.unrest.ca/peerjacking" - }, - { - "name" : "https://github.com/themattharris/tmhOAuth/blob/master/README.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/themattharris/tmhOAuth/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows 
man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.unrest.ca/peerjacking", + "refsource": "MISC", + "url": "http://www.unrest.ca/peerjacking" + }, + { + "name": "https://github.com/themattharris/tmhOAuth/blob/master/README.md", + "refsource": "CONFIRM", + "url": "https://github.com/themattharris/tmhOAuth/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2537.json b/2014/2xxx/CVE-2014-2537.json index eec7fe4826a..b71c7a2d38f 100644 --- a/2014/2xxx/CVE-2014-2537.json +++ b/2014/2xxx/CVE-2014-2537.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/", - "refsource" : "CONFIRM", - "url" : "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/" - }, - { - "name" : "66231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66231" - }, - { - "name" : "1029920", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029920" - }, - { - "name" : "57344", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of 
service (memory consumption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029920", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029920" + }, + { + "name": "57344", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57344" + }, + { + "name": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/", + "refsource": "CONFIRM", + "url": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/" + }, + { + "name": "66231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66231" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2548.json b/2014/2xxx/CVE-2014-2548.json index 4b8307f5ad4..631032a1a21 100644 --- a/2014/2xxx/CVE-2014-2548.json +++ b/2014/2xxx/CVE-2014-2548.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2548", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2548", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2014/2xxx/CVE-2014-2574.json b/2014/2xxx/CVE-2014-2574.json index c1f6f731a28..1d94fde6392 100644 --- a/2014/2xxx/CVE-2014-2574.json +++ b/2014/2xxx/CVE-2014-2574.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2574", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2574", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2613.json b/2014/2xxx/CVE-2014-2613.json index 199494a18ce..31aaf372bb3 100644 --- a/2014/2xxx/CVE-2014-2613.json +++ b/2014/2xxx/CVE-2014-2613.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-2613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU03061", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04352674" - }, - { - "name" : "68245", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68245" - }, - { - "name" : "1030490", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote 
authenticated users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68245", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68245" + }, + { + "name": "HPSBMU03061", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04352674" + }, + { + "name": "1030490", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030490" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2789.json b/2014/2xxx/CVE-2014-2789.json index cf5b7f88f12..e3312ca7977 100644 --- a/2014/2xxx/CVE-2014-2789.json +++ b/2014/2xxx/CVE-2014-2789.json 
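Review bot: The only semantic change in this hunk is `"ASSIGNER": "hp-security-alert@hp.com"` replacing `cve@mitre.org`, and it is buried in a rewrite that touches all 72 lines by turning `" : "` into `": "` and reordering the three `reference_data` entries without changing them. Anyone auditing this feed for attribution changes has to compare parsed JSON rather than the text diff to find it. I would land the formatting pass on its own and have the serializer emit `reference_data` in a stable order, so that a later sync shows just the one changed line. The same applies to the hunks for CVE-2014-2789 (`secure@microsoft.com`), CVE-2014-3389 (`psirt@cisco.com`), and CVE-2014-3555 and CVE-2014-3710 (both `secalert@redhat.com`).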
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2795, CVE-2014-2798, and CVE-2014-2804." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" - }, - { - "name" : "68374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68374" - }, - { - "name" : "1030532", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030532" - }, - { - "name" : "59775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2795, CVE-2014-2798, and CVE-2014-2804." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" + }, + { + "name": "59775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59775" + }, + { + "name": "1030532", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030532" + }, + { + "name": "68374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68374" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3389.json b/2014/3xxx/CVE-2014-3389.json index 0af469c17e4..70290896ba2 100644 --- a/2014/3xxx/CVE-2014-3389.json +++ b/2014/3xxx/CVE-2014-3389.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141008 Multiple Vulnerabilities in Cisco ASA Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 
before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141008 Multiple Vulnerabilities in Cisco ASA Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3418.json b/2014/3xxx/CVE-2014-3418.json index a7173116ff2..9e9186e5484 100644 --- a/2014/3xxx/CVE-2014-3418.json +++ b/2014/3xxx/CVE-2014-3418.json 
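Review bot: `"vendor_name": "n/a"` and `"product_name": "n/a"` stay on the new side even though this sync sets `"ASSIGNER": "psirt@cisco.com"` and the description names Cisco ASA Software with nine fixed-version ranges. Tooling that matches records to assets through the structured `affects` block will not find this entry and has to parse the free-text description instead. If the upstream data allows it, fill the block from the description, e.g. `"vendor_name": "Cisco"` and `"product_name": "ASA Software"`. The other PUBLIC records in this patch carry the same placeholders.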
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140709 OS Command Injection Infoblox Network Automation", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532709/100/0/threaded" - }, - { - "name" : "34030", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34030" - }, - { - "name" : "20140709 CVE-2014-3418 - OS Command Injection Infoblox Network Automation", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jul/35" - }, - { - "name" : "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html", - "refsource" : "MISC", - "url" : "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html" - }, - { - "name" : "https://github.com/depthsecurity/NetMRI-2014-3418", - 
"refsource" : "MISC", - "url" : "https://github.com/depthsecurity/NetMRI-2014-3418" - }, - { - "name" : "68471", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68471" - }, - { - "name" : "infoblox-cve20143418-command-exec(94449)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68471", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68471" + }, + { + "name": "20140709 OS Command Injection Infoblox Network Automation", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532709/100/0/threaded" + }, + { + "name": "20140709 CVE-2014-3418 - OS Command Injection Infoblox Network Automation", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jul/35" + }, + { + "name": "34030", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34030" + }, + { + "name": "infoblox-cve20143418-command-exec(94449)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94449" + }, + { + "name": "https://github.com/depthsecurity/NetMRI-2014-3418", + "refsource": "MISC", + "url": "https://github.com/depthsecurity/NetMRI-2014-3418" + }, + { + "name": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html", + "refsource": "MISC", + "url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html" + } + ] + } +} \ No newline at end 
of file diff --git a/2014/3xxx/CVE-2014-3555.json b/2014/3xxx/CVE-2014-3555.json index 405b49c57aa..fb4036eca6a 100644 --- a/2014/3xxx/CVE-2014-3555.json +++ b/2014/3xxx/CVE-2014-3555.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openstack-announce] 20140721 [OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555)", - "refsource" : "MLIST", - "url" : "http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html" - }, - { - "name" : "[oss-security] 20140721 [OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555)", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q3/200" - }, - { - "name" : "https://bugs.launchpad.net/neutron/+bug/1336207", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/neutron/+bug/1336207" - }, - { - "name" : "RHSA-2014:1119", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2014-1119.html" - }, - { - "name" : "RHSA-2014:1120", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1120.html" - }, - { - "name" : "68765", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68765" - }, - { - "name" : "60804", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60804" - }, - { - "name" : "60766", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60804", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60804" + }, + { + "name": "RHSA-2014:1120", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1120.html" + }, + { + "name": "68765", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68765" + }, + { + "name": "60766", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60766" + }, + { + "name": "[oss-security] 20140721 [OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555)", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q3/200" + }, + { + "name": "RHSA-2014:1119", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1119.html" + }, + { + "name": "https://bugs.launchpad.net/neutron/+bug/1336207", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/neutron/+bug/1336207" + }, + { + "name": 
"[openstack-announce] 20140721 [OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555)", + "refsource": "MLIST", + "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3710.json b/2014/3xxx/CVE-2014-3710.json index e85b3d12d66..08bc49c5781 100644 --- a/2014/3xxx/CVE-2014-3710.json +++ b/2014/3xxx/CVE-2014-3710.json 
@@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d" - }, - { - "name" : "https://bugs.php.net/bug.php?id=68283", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=68283" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1155071", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1155071" - }, - { - "name" : "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0", - "refsource" : 
"CONFIRM", - "url" : "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1767.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1767.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1768.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1768.html" - }, - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "DSA-3072", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3072" - }, - { - "name" : "FreeBSD-SA-14:28", - "refsource" : "FREEBSD", - "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc" - }, - { - "name" : "GLSA-201503-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201503-03" - 
}, - { - "name" : "GLSA-201701-42", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-42" - }, - { - "name" : "RHSA-2014:1767", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1767.html" - }, - { - "name" : "RHSA-2014:1768", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1768.html" - }, - { - "name" : "RHSA-2014:1765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html" - }, - { - "name" : "RHSA-2014:1766", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1766.html" - }, - { - "name" : "RHSA-2016:0760", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0760.html" - }, - { - "name" : "openSUSE-SU-2014:1516", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html" - }, - { - "name" : "USN-2391-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2391-1" - }, - { - "name" : "USN-2494-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2494-1" - }, - { - "name" : "70807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70807" - }, - { - "name" : "1031344", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031344" - }, - { - "name" : "60630", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60630" - }, - { - "name" : "60699", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60699" - }, - { - "name" : "61763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61763" - }, - { - "name" : "61970", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61970" - }, - { - "name" : "61982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61982" - }, - { - "name" : "62347", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62347" - }, - { - "name" : "62559", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/62559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.php.net/bug.php?id=68283", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=68283" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d" + }, + { + "name": "62347", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62347" + }, + { + "name": "RHSA-2014:1767", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html" + }, + { + "name": "USN-2391-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2391-1" + }, + { + "name": "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0", + "refsource": "CONFIRM", + "url": "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0" + }, + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "61982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61982" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" + }, + { + "name": "61763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61763" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1767.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html" + }, + { + "name": "RHSA-2014:1766", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html" + }, + { + "name": "FreeBSD-SA-14:28", + "refsource": "FREEBSD", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1768.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html" + }, + { + "name": "DSA-3072", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3072" + }, + { + "name": "RHSA-2016:0760", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" + }, + { + "name": "USN-2494-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2494-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "61970", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61970" + }, + { + "name": "1031344", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031344" + }, + { + "name": 
"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "RHSA-2014:1765", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html" + }, + { + "name": "openSUSE-SU-2014:1516", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html" + }, + { + "name": "RHSA-2014:1768", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html" + }, + { + "name": "GLSA-201701-42", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-42" + }, + { + "name": "60699", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60699" + }, + { + "name": "GLSA-201503-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201503-03" + }, + { + "name": "70807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70807" + }, + { + "name": "60630", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60630" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1155071", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155071" + }, + { + "name": "62559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62559" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6296.json b/2014/6xxx/CVE-2014-6296.json index b86c68d1380..de889f268ae 100644 --- a/2014/6xxx/CVE-2014-6296.json +++ b/2014/6xxx/CVE-2014-6296.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/" - }, - { - "name" : "http://typo3.org/extensions/repository/view/wec_map", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/wec_map" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified 
vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/" + }, + { + "name": "http://typo3.org/extensions/repository/view/wec_map", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/wec_map" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6684.json b/2014/6xxx/CVE-2014-6684.json index 8afb4dd2f69..c63853754fe 100644 --- a/2014/6xxx/CVE-2014-6684.json +++ b/2014/6xxx/CVE-2014-6684.json 
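Review bot: The new side of this hunk ends with `}` followed by `\ No newline at end of file`, so the rewritten CVE-2014-6296.json appears to lose the trailing newline the old file had. The same marker follows the closing brace in the CVE-2014-6684, -6773, -6809, -6993, -7716, -7832 and -7997, CVE-2016-2308, CVE-2017-0018 and CVE-2017-0717 hunks. Apart from that, this hunk only re-indents and changes `" : "` to `": "`, so the record content is unchanged. Having the serializer write a final newline after the closing `}` would keep these files friendly to line-oriented tools and avoid a spurious last-line change the next time a newline is restored.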
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MOL bringaPONT (aka hu.mol.bringapont) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#710097", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/710097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MOL bringaPONT (aka hu.mol.bringapont) 
application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#710097", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/710097" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6773.json b/2014/6xxx/CVE-2014-6773.json index 36fa1d7163a..6523111f662 100644 --- a/2014/6xxx/CVE-2014-6773.json +++ b/2014/6xxx/CVE-2014-6773.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CIH Quiz game (aka com.bowenehs.cihquizgameapp) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#762017", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/762017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CIH Quiz game (aka 
com.bowenehs.cihquizgameapp) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#762017", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/762017" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6809.json b/2014/6xxx/CVE-2014-6809.json index 76c1fd1e672..672b76d813a 100644 --- a/2014/6xxx/CVE-2014-6809.json +++ b/2014/6xxx/CVE-2014-6809.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6809", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6846, CVE-2014-6847. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-6846 and CVE-2014-6847 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-6809", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6846, CVE-2014-6847. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-6846 and CVE-2014-6847 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6993.json b/2014/6xxx/CVE-2014-6993.json index e5700ef4f1a..78568710923 100644 --- a/2014/6xxx/CVE-2014-6993.json +++ b/2014/6xxx/CVE-2014-6993.json 
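Review bot: The rewritten CVE-2014-6809 record is serialized in a different key order from every other record visible in this commit. It opens with `"data_type": "CVE",` and puts `"ID"` before `"ASSIGNER"` inside `CVE_data_meta`, whereas the other hunks keep `CVE_data_meta` first with its keys in alphabetical order, the RESERVED record CVE-2017-0717 included. JSON parsers do not care about the order, but anything that diffs, hashes or signs these files byte-for-byte will see a change that carries no information. Emitting this record the same way as the others, with `"CVE_data_meta": {` first and `"ASSIGNER": "cve@mitre.org",` ahead of `"ID": "CVE-2014-6809",`, would keep REJECT entries consistent with the rest of the feed.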
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Codeeta Coupons (aka com.codeeta.promos) application 1.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#269569", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/269569" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Codeeta Coupons (aka com.codeeta.promos) 
application 1.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#269569", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/269569" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7716.json b/2014/7xxx/CVE-2014-7716.json index 94f3bbffaeb..6aea2b4d91f 100644 --- a/2014/7xxx/CVE-2014-7716.json +++ b/2014/7xxx/CVE-2014-7716.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7716", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Ultimate Christian Radios (aka com.ngg.ultimatechristianradios) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#585225", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/585225" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ultimate Christian 
Radios (aka com.ngg.ultimatechristianradios) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#585225", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/585225" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7832.json b/2014/7xxx/CVE-2014-7832.json index a3a59499c6f..9adc6f2a8d9 100644 --- a/2014/7xxx/CVE-2014-7832.json +++ b/2014/7xxx/CVE-2014-7832.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141117 Moodle security issues are now public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/11/17/11" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=275154", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=275154" - }, - { - "name" : "1031215", - "refsource" : "SECTRACK", - 
"url" : "http://www.securitytracker.com/id/1031215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031215" + }, + { + "name": "[oss-security] 20141117 Moodle security issues are now public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/11/17/11" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=275154", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=275154" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7997.json b/2014/7xxx/CVE-2014-7997.json index ade76912e76..f60ac54a334 100644 --- a/2014/7xxx/CVE-2014-7997.json +++ b/2014/7xxx/CVE-2014-7997.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-7997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141114 Cisco Aironet DHCP Denial of Service Vulnerabilty", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7997" - }, - { - "name" : "1031218", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031218" - }, - { - "name" : "cisco-aironet-cve20147997-dos(98691)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-aironet-cve20147997-dos(98691)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98691" + }, + { + "name": "1031218", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031218" + }, + { + "name": "20141114 Cisco Aironet DHCP Denial of Service Vulnerabilty", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7997" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2308.json b/2016/2xxx/CVE-2016-2308.json index dd22f769fa6..b64ee8ddf77 100644 --- a/2016/2xxx/CVE-2016-2308.json +++ b/2016/2xxx/CVE-2016-2308.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, which allows remote attackers to obtain sensitive information by reading a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-2308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-273-01-0", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-273-01-0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, which allows remote attackers to obtain sensitive information by reading a file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-273-01-0", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-273-01-0" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0018.json b/2017/0xxx/CVE-2017-0018.json index ce5bfa47359..c0eeae45a0c 100644 --- a/2017/0xxx/CVE-2017-0018.json +++ b/2017/0xxx/CVE-2017-0018.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "Internet Explorer 10 and 11" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "Internet Explorer 10 and 11" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0018", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0018" - }, - { - "name" : "96086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96086" - }, - { - "name" : "1038008", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038008" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0018", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0018" + }, + { + "name": "96086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96086" + }, + { + "name": "1038008", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038008" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0717.json b/2017/0xxx/CVE-2017-0717.json index 29d694b553c..39ba93cc5ea 100644 --- a/2017/0xxx/CVE-2017-0717.json +++ b/2017/0xxx/CVE-2017-0717.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0717", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0717", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0793.json b/2017/0xxx/CVE-2017-0793.json index d445cee468b..ec341fa6841 100644 --- a/2017/0xxx/CVE-2017-0793.json +++ b/2017/0xxx/CVE-2017-0793.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "100670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100670" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18260.json b/2017/18xxx/CVE-2017-18260.json index 8d140e34807..d1799d8263d 100644 --- a/2017/18xxx/CVE-2017-18260.json +++ b/2017/18xxx/CVE-2017-18260.json 
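Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `security@google.com` to `security@android.com` in the CVE-2017-0793 hunk, while every other line of that hunk differs only in whitespace, and the commit subject does not mention it. Tooling that groups or filters records by assigner will see this record move to a different address, so the value change is easier to audit in its own commit or with a line in the description. The unchanged description text still contains `in the N/A memory subsystem`, which looks like an unfilled template field and could be corrected in the same pass.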
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010", - "refsource" : "MISC", - "url" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010", + "refsource": "MISC", + "url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-010" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1434.json b/2017/1xxx/CVE-2017-1434.json index 757d0c31238..6164d545abc 100644 --- a/2017/1xxx/CVE-2017-1434.json +++ b/2017/1xxx/CVE-2017-1434.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-09-07T00:00:00", - "ID" : "CVE-2017-1434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DB2 for Linux, UNIX and Windows", - "version" : { - "version_data" : [ - { - "version_value" : "11.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-09-07T00:00:00", + "ID": "CVE-2017-1434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DB2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_value": "11.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127806", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127806" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22005740", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22005740" - }, - { - "name" : "100693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100693" - }, - { - "name" : "1039297", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039297" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039297", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039297" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127806", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127806" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22005740", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22005740" + }, + { + "name": "100693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100693" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1482.json b/2017/1xxx/CVE-2017-1482.json index 98785b580b2..5f98c644585 100644 --- a/2017/1xxx/CVE-2017-1482.json +++ b/2017/1xxx/CVE-2017-1482.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-11-29T00:00:00", - "ID" : "CVE-2017-1482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "5.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-11-29T00:00:00", + "ID": "CVE-2017-1482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "5.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128620", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128620" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22010762", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22010762" - }, - { - "name" : "102035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102035" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128620", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128620" + }, + { + "name": "102035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102035" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22010762", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22010762" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1543.json b/2017/1xxx/CVE-2017-1543.json index b24bf112817..a003ad97730 100644 --- a/2017/1xxx/CVE-2017-1543.json +++ b/2017/1xxx/CVE-2017-1543.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1543", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1543", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1672.json b/2017/1xxx/CVE-2017-1672.json index c06e557119a..cb2b307efed 100644 --- a/2017/1xxx/CVE-2017-1672.json +++ b/2017/1xxx/CVE-2017-1672.json 
@@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-03T00:00:00", - "ID" : "CVE-2017-1672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.6" - }, - { - "version_value" : "2.7" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-03T00:00:00", + "ID": "CVE-2017-1672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "2.6" + }, + { + "version_value": "2.7" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133639", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133639" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012019", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133639", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133639" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012019", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012019" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1686.json b/2017/1xxx/CVE-2017-1686.json index 0633e1dc5be..2d9d79ba117 100644 --- a/2017/1xxx/CVE-2017-1686.json +++ b/2017/1xxx/CVE-2017-1686.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1686", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1686", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5671.json b/2017/5xxx/CVE-2017-5671.json index ffc7e1fcefc..4e8adafa74d 100644 --- a/2017/5xxx/CVE-2017-5671.json +++ b/2017/5xxx/CVE-2017-5671.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41754", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41754/" - }, - { - "name" : "https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jailbreak/", - "refsource" : "MISC", - "url" : "https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jailbreak/" - }, - { - "name" : "http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10_11_013310.pdf", - "refsource" : "CONFIRM", - "url" : "http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10_11_013310.pdf" - }, - { - "name" : 
"https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf", - "refsource" : "CONFIRM", - "url" : "https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf" - }, - { - "name" : "97236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41754", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41754/" + }, + { + "name": "http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10_11_013310.pdf", + "refsource": "CONFIRM", + "url": "http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10_11_013310.pdf" + }, + { + "name": "https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jailbreak/", + "refsource": "MISC", + "url": "https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jailbreak/" + }, + { + "name": "97236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97236" + }, + { + "name": "https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf", + "refsource": "CONFIRM", + "url": "https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5843.json b/2017/5xxx/CVE-2017-5843.json index 76f97fe3eab..78bd7cf5c26 100644 
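Review bot: The reference `https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf` in the CVE-2017-5671 hunk keeps `"refsource": "CONFIRM"` on the new side, although the URL points to a personal GitHub repository rather than a vendor-controlled site. Consumers that treat CONFIRM entries as vendor acknowledgement may give this link more weight than it warrants; the firmware release notes on apps.intermec.com already serve as the vendor confirmation. If the PDF is not a vendor-issued document, which cannot be determined from this hunk, the entry would be better tagged `"refsource": "MISC"`.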
--- a/2017/5xxx/CVE-2017-5843.json +++ b/2017/5xxx/CVE-2017-5843.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170201 Multiple memory access issues in gstreamer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/01/7" - }, - { - "name" : "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/02/9" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=777503", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=777503" - }, - { - "name" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3", - "refsource" : "CONFIRM", - 
"url" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3" - }, - { - "name" : "DSA-3818", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3818" - }, - { - "name" : "GLSA-201705-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-10" - }, - { - "name" : "RHSA-2017:2060", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2060" - }, - { - "name" : "96001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3818", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3818" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=777503", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=777503" + }, + { + "name": "96001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96001" + }, + { + "name": "RHSA-2017:2060", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2060" + }, + { + "name": "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/02/9" + }, + { + "name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3", + "refsource": "CONFIRM", + "url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3" + }, + { + "name": "GLSA-201705-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-10" + }, + { + "name": "[oss-security] 20170201 Multiple memory access issues in gstreamer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/01/7" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5899.json b/2017/5xxx/CVE-2017-5899.json index fa71e35e33e..748103656d7 100644 --- a/2017/5xxx/CVE-2017-5899.json +++ b/2017/5xxx/CVE-2017-5899.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170127 CVE Request: s-nail local root", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/27/7" - }, - { - "name" : "[oss-security] 20170207 Re: CVE Request: s-nail local root", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/07/4" - }, - { - "name" : "[s-nail-users] 20170127 [ANN]ounce of S-nail v14.8.16 (\"Copris lunaris\")", - "refsource" : "MLIST", - "url" : "https://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00551.html" - }, - { - "name" : "96138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96138" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170207 Re: CVE Request: s-nail local root", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/07/4" + }, + { + "name": "[s-nail-users] 20170127 [ANN]ounce of S-nail v14.8.16 (\"Copris lunaris\")", + "refsource": "MLIST", + "url": "https://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00551.html" + }, + { + "name": "[oss-security] 20170127 CVE Request: s-nail local root", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/27/7" + }, + { + "name": "96138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96138" + } + ] + } +} \ No newline at end of file