diff --git a/2006/2xxx/CVE-2006-2173.json b/2006/2xxx/CVE-2006-2173.json index c5664db9af6..1e41dcfa680 100644 --- a/2006/2xxx/CVE-2006-2173.json +++ b/2006/2xxx/CVE-2006-2173.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060502 FTP Fuzzer", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=114658586018818&w=2" - }, - { - "name" : "20060508 INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html" - }, - { - "name" : "http://www.infigo.hr/en/in_focus/tools", - "refsource" : "MISC", - "url" : "http://www.infigo.hr/en/in_focus/tools" - }, - { - "name" : "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03", - "refsource" : "MISC", - "url" : "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03" - }, - { - "name" : "17802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17802" - }, - { - "name" : "25221", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25221" - }, - { - "name" : "filezilla-port-pass-dos(26303)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17802" + }, + { + "name": "http://www.infigo.hr/en/in_focus/tools", + "refsource": "MISC", + "url": "http://www.infigo.hr/en/in_focus/tools" + }, + { + "name": "20060502 FTP Fuzzer", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=114658586018818&w=2" + }, + { + "name": "25221", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25221" + }, + { + "name": "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03", + "refsource": "MISC", + "url": "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03" + }, + { + "name": "filezilla-port-pass-dos(26303)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26303" + }, + { + "name": "20060508 INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2334.json b/2006/2xxx/CVE-2006-2334.json index 5861ec8ae60..4ae3abf3dac 100644 --- a/2006/2xxx/CVE-2006-2334.json +++ b/2006/2xxx/CVE-2006-2334.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060509 [48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433583/100/0/threaded" - }, - { - "name" : "http://www.48bits.com/advisories/rtldospath.pdf", - "refsource" : "MISC", - "url" : "http://www.48bits.com/advisories/rtldospath.pdf" - }, - { - "name" : "17934", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17934" - }, - { - "name" : "25761", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25761" - }, - { - "name" : "win-ntdll-path-conversion(26487)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17934", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17934" + }, + { + "name": "win-ntdll-path-conversion(26487)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26487" + }, + { + "name": "20060509 [48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433583/100/0/threaded" + }, + { + "name": "25761", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25761" + }, + { + "name": "http://www.48bits.com/advisories/rtldospath.pdf", + "refsource": "MISC", + "url": "http://www.48bits.com/advisories/rtldospath.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2495.json b/2006/2xxx/CVE-2006-2495.json index 83cd23f030b..5c1b2ec45aa 100644 --- a/2006/2xxx/CVE-2006-2495.json +++ b/2006/2xxx/CVE-2006-2495.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=414920&group_id=75065", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=414920&group_id=75065" - }, - { - "name" : "ADV-2006-1855", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1855" - }, - { - "name" : "20155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=414920&group_id=75065", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=414920&group_id=75065" + }, + { + "name": "20155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20155" + }, + { + "name": "ADV-2006-1855", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1855" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3033.json b/2006/3xxx/CVE-2006-3033.json index deed8b204e2..fb7e2313ba0 100644 --- a/2006/3xxx/CVE-2006-3033.json +++ b/2006/3xxx/CVE-2006-3033.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input box in singlepage.php when submitting scrapbook pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060611 Myscrapbook v3.1 - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436792/100/0/threaded" - }, - { - "name" : "18398", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18398" - }, - { - "name" : "26413", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26413" - }, - { - "name" : "20599", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input box in singlepage.php when submitting scrapbook pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18398", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18398" + }, + { + "name": "20060611 Myscrapbook v3.1 - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436792/100/0/threaded" + }, + { + "name": "20599", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20599" + }, + { + "name": "26413", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26413" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3143.json b/2006/3xxx/CVE-2006-3143.json index 33eef7be2ad..afaaf68ce85 100644 --- a/2006/3xxx/CVE-2006-3143.json +++ b/2006/3xxx/CVE-2006-3143.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus SchoolMAX 4.0.1 and earlier iCue and iParent applications allows remote attackers to inject arbitrary web script or HTML via the error_msg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060618 XSS Vulnerability in Maximus SchoolMAX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437640/100/0/threaded" - }, - { - "name" : "18563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18563" - }, - { - "name" : "ADV-2006-2453", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2453" - }, - { - "name" : "20752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20752" - }, - { - "name" : "1121", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus SchoolMAX 4.0.1 and earlier iCue and iParent applications allows remote attackers to inject arbitrary web script or HTML via the error_msg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20752" + }, + { + "name": "18563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18563" + }, + { + "name": "ADV-2006-2453", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2453" + }, + { + "name": "20060618 XSS Vulnerability in Maximus SchoolMAX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437640/100/0/threaded" + }, + { + "name": "1121", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1121" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3370.json b/2006/3xxx/CVE-2006-3370.json index 7571383b5b8..c46c8cffd82 100644 --- a/2006/3xxx/CVE-2006-3370.json +++ b/2006/3xxx/CVE-2006-3370.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060703 5 php scripts remote database password disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438964/100/0/threaded" - }, - { - "name" : "1192", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1192" - }, - { - "name" : "blueboy-config-information-disclosure(27576)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "blueboy-config-information-disclosure(27576)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27576" + }, + { + "name": "1192", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1192" + }, + { + "name": "20060703 5 php scripts remote database password disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438964/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3427.json b/2006/3xxx/CVE-2006-3427.json index 3015b5f7d4a..545e9245a6e 100644 --- a/2006/3xxx/CVE-2006-3427.json +++ b/2006/3xxx/CVE-2006-3427.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://browserfun.blogspot.com/2006/07/mobb-6-structuredgraphicscontrol.html", - "refsource" : "MISC", - "url" : "http://browserfun.blogspot.com/2006/07/mobb-6-structuredgraphicscontrol.html" - }, - { - "name" : "18855", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18855" - }, - { - "name" : "ADV-2006-2687", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2687" - }, - { - "name" : "26839", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26839" - }, - { - "name" : "ie-structuredgraphicscontrol-sourceurl-dos(27565)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27565" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2687", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2687" + }, + { + "name": "http://browserfun.blogspot.com/2006/07/mobb-6-structuredgraphicscontrol.html", + "refsource": "MISC", + "url": "http://browserfun.blogspot.com/2006/07/mobb-6-structuredgraphicscontrol.html" + }, + { + "name": "ie-structuredgraphicscontrol-sourceurl-dos(27565)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27565" + }, + { + "name": "26839", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26839" + }, + { + "name": "18855", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18855" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3451.json b/2006/3xxx/CVE-2006-3451.json index d92e307f843..35eee956003 100644 --- a/2006/3xxx/CVE-2006-3451.json +++ b/2006/3xxx/CVE-2006-3451.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when \"multiple imports are used on a styleSheets collection\" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-3451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060808 ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442578/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html" - }, - { - "name" : "MS06-042", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" - }, - { - "name" : "TA06-220A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" - }, - { - "name" : "VU#262004", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/262004" - }, - { - "name" : "19316", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19316" - }, - { - "name" : "ADV-2006-3212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3212" - }, - { - "name" : "27854", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27854" - }, - { - "name" : "oval:org.mitre.oval:def:5", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5" - }, - { - "name" : "1016663", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016663" - }, - { - "name" : "21396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21396" - }, - { - "name" : "1343", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when \"multiple imports are used on a styleSheets collection\" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-026.html" + }, + { + "name": "20060808 ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442578/100/0/threaded" + }, + { + "name": "1016663", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016663" + }, + { + "name": "MS06-042", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" + }, + { + "name": "oval:org.mitre.oval:def:5", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5" + }, + { + "name": "VU#262004", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/262004" + }, + { + "name": "21396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21396" + }, + { + "name": "ADV-2006-3212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3212" + }, + { + "name": "1343", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1343" + }, + { + "name": "27854", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27854" + }, + { + "name": "TA06-220A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" + }, + { + "name": "19316", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19316" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4581.json b/2006/4xxx/CVE-2006-4581.json index 9d4b62382bb..0e5df1f9f37 100644 --- a/2006/4xxx/CVE-2006-4581.json +++ b/2006/4xxx/CVE-2006-4581.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-4581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2006-76/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-76/advisory/" - }, - { - "name" : "21870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21870" - }, - { - "name" : "32560", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32560" - }, - { - "name" : "21694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21694" - }, - { - "name" : "theaddressbook-contentheader-file-upload(31250)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2006-76/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-76/advisory/" + }, + { + "name": "32560", + "refsource": "OSVDB", + "url": "http://osvdb.org/32560" + }, + { + "name": "21870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21870" + }, + { + "name": "theaddressbook-contentheader-file-upload(31250)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31250" + }, + { + "name": "21694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21694" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4735.json b/2006/4xxx/CVE-2006-4735.json index 21faab9ddaf..2b067b0fcd2 100644 --- a/2006/4xxx/CVE-2006-4735.json +++ b/2006/4xxx/CVE-2006-4735.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060911 MagpieRSS (a simple RSS integration tool) Full path vul", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445729/100/0/threaded" - }, - { - "name" : "1564", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1564" - }, - { - "name" : "magpierss-multiple-path-disclosure(28858)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1564", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1564" + }, + { + "name": "20060911 MagpieRSS (a simple RSS integration tool) Full path vul", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445729/100/0/threaded" + }, + { + "name": "magpierss-multiple-path-disclosure(28858)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28858" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6806.json b/2006/6xxx/CVE-2006-6806.json index 4df7a442d0a..d6a0874d557 100644 --- a/2006/6xxx/CVE-2006-6806.json +++ b/2006/6xxx/CVE-2006-6806.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2990", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2990" - }, - { - "name" : "ADV-2006-5158", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5158" - }, - { - "name" : "23521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2990", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2990" + }, + { + "name": "ADV-2006-5158", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5158" + }, + { + "name": "23521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23521" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6870.json b/2006/6xxx/CVE-2006-6870.json index de95b77cb71..7baabfd8d85 100644 --- a/2006/6xxx/CVE-2006-6870.json +++ b/2006/6xxx/CVE-2006-6870.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2006-6870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.avahi.org/#December2006", - "refsource" : "CONFIRM", - "url" : "http://www.avahi.org/#December2006" - }, - { - "name" : "http://www.avahi.org/changeset/1340", - "refsource" : "CONFIRM", - "url" : "http://www.avahi.org/changeset/1340" - }, - { - "name" : "http://www.avahi.org/ticket/84", - "refsource" : "CONFIRM", - "url" : "http://www.avahi.org/ticket/84" - }, - { - "name" : "FEDORA-2007-018", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2362" - }, - { - "name" : "FEDORA-2007-019", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2408" - }, - { - "name" : "MDKSA-2007:003", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:003" - }, - { - "name" : "SUSE-SR:2007:007", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_007_suse.html" - }, - { - "name" : "USN-402-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-402-1" - }, - { - "name" : "21881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21881" - }, - { - "name" : "ADV-2007-0071", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0071" - }, - { - "name" : "23628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23628" - }, - { - "name" : "23660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23660" - }, - { - "name" : "23673", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23673" - }, - { - "name" : "23644", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23644" - }, - { - "name" : "23782", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23782" - }, - { - "name" : "24995", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23673", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23673" + }, + { + "name": "MDKSA-2007:003", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:003" + }, + { + "name": "http://www.avahi.org/#December2006", + "refsource": "CONFIRM", + "url": "http://www.avahi.org/#December2006" + }, + { + "name": "ADV-2007-0071", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0071" + }, + { + "name": "23644", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23644" + }, + { + "name": "SUSE-SR:2007:007", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_007_suse.html" + }, + { + "name": "http://www.avahi.org/ticket/84", + "refsource": "CONFIRM", + "url": "http://www.avahi.org/ticket/84" + }, + { + "name": "FEDORA-2007-018", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2362" + }, + { + "name": "23660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23660" + }, + { + "name": "24995", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24995" + }, + { + "name": "http://www.avahi.org/changeset/1340", + "refsource": "CONFIRM", + "url": "http://www.avahi.org/changeset/1340" + }, + { + "name": "FEDORA-2007-019", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2408" + }, + { + "name": "23628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23628" + }, + { + "name": "23782", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23782" + }, + { + "name": "USN-402-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-402-1" + }, + { + "name": "21881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21881" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7171.json b/2006/7xxx/CVE-2006-7171.json index f57c5273493..703f0757038 100644 --- a/2006/7xxx/CVE-2006-7171.json +++ b/2006/7xxx/CVE-2006-7171.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "product_review.php in Koan Software Mega Mall allows remote attackers to obtain the installation path via a request with an empty value of the x[] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061112 Mega Mall [ multiples injection sql & full path disclosure ]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116343783720459&w=2" - }, - { - "name" : "megamall-productreview-path-disclosure(30215)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "product_review.php in Koan Software Mega Mall allows remote attackers to obtain the installation path via a request with an empty value of the x[] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "megamall-productreview-path-disclosure(30215)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30215" + }, + { + "name": "20061112 Mega Mall [ multiples injection sql & full path disclosure ]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116343783720459&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2153.json b/2010/2xxx/CVE-2010-2153.json index 34aaf317209..c729129165a 100644 --- a/2010/2xxx/CVE-2010-2153.json +++ b/2010/2xxx/CVE-2010-2153.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cross-site-scripting.blogspot.com/2010/06/tcexam-101006-arbitrary-upload.html", - "refsource" : "MISC", - "url" : "http://cross-site-scripting.blogspot.com/2010/06/tcexam-101006-arbitrary-upload.html" - }, - { - "name" : "http://www.packetstormsecurity.org/1006-exploits/tcexam-shell.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/1006-exploits/tcexam-shell.txt" - }, - { - "name" : "40511", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40511" - }, - { - "name" : "65052", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65052" - }, - { - "name" : "40011", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40011" - }, - { - "name" : "ADV-2010-1329", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40011", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40011" + }, + { + "name": "65052", + "refsource": "OSVDB", + "url": "http://osvdb.org/65052" + }, + { + "name": "ADV-2010-1329", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1329" + }, + { + "name": "40511", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40511" + }, + { + "name": "http://cross-site-scripting.blogspot.com/2010/06/tcexam-101006-arbitrary-upload.html", + "refsource": "MISC", + "url": "http://cross-site-scripting.blogspot.com/2010/06/tcexam-101006-arbitrary-upload.html" + }, + { + "name": "http://www.packetstormsecurity.org/1006-exploits/tcexam-shell.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/1006-exploits/tcexam-shell.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2934.json b/2010/2xxx/CVE-2010-2934.json index ced5a8a0b80..1102089238f 100644 --- a/2010/2xxx/CVE-2010-2934.json +++ b/2010/2xxx/CVE-2010-2934.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attackers to cause a denial of service (exception and daemon crash) via unknown vectors related to \"unsafe substr() calls.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100809 CVE Request - ZNC", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128146352011964&w=2" - }, - { - "name" : "[oss-security] 20100809 Re: CVE Request - ZNC", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128146120727810&w=2" - }, - { - "name" : "[oss-security] 20100810 Re: Re: CVE Request - ZNC", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=128152390219401&w=2" - }, - { - "name" : "http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095", - "refsource" : "CONFIRM", - "url" : "http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=622600", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=622600" - }, - { - "name" : "FEDORA-2010-12468", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045386.html" - }, - { - "name" : "FEDORA-2010-12481", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045385.html" - }, - { - "name" : "42314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42314" - }, - { - "name" : "40919", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40919" - }, - { - "name" : "40970", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40970" - }, - { - "name" : "ADV-2010-2071", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attackers to cause a denial of service (exception and daemon crash) via unknown vectors related to \"unsafe substr() calls.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2071", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2071" + }, + { + "name": "40919", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40919" + }, + { + "name": "http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095", + "refsource": "CONFIRM", + "url": "http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095" + }, + { + "name": "FEDORA-2010-12481", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045385.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=622600", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622600" + }, + { + "name": "42314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42314" + }, + { + "name": "[oss-security] 20100810 Re: Re: CVE Request - ZNC", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128152390219401&w=2" + }, + { + "name": "[oss-security] 20100809 CVE Request - ZNC", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128146352011964&w=2" + }, + { + "name": "[oss-security] 20100809 Re: CVE Request - ZNC", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=128146120727810&w=2" + }, + { + "name": "FEDORA-2010-12468", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045386.html" + }, + { + "name": "40970", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40970" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0043.json b/2011/0xxx/CVE-2011-0043.json index 45585749384..6c0924f3c90 100644 --- a/2011/0xxx/CVE-2011-0043.json +++ b/2011/0xxx/CVE-2011-0043.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka \"Kerberos Unkeyed Checksum Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/css/P8/documents/100127250", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100127250" - }, - { - "name" : "MS11-013", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-013" - }, - { - "name" : "46130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46130" - }, - { - "name" : "70834", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70834" - }, - { - "name" : "oval:org.mitre.oval:def:12432", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12432" - }, - { - "name" : "1025048", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025048" - }, - { - "name" : "43251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43251" - }, - { - "name" : "ADV-2011-0326", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0326" - }, - { - "name" : "ms-kerberos-checksum-privilege-escalation(64900)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka \"Kerberos Unkeyed Checksum Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.avaya.com/css/P8/documents/100127250", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100127250" + }, + { + "name": "43251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43251" + }, + { + "name": "ms-kerberos-checksum-privilege-escalation(64900)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64900" + }, + { + "name": "oval:org.mitre.oval:def:12432", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12432" + }, + { + "name": "MS11-013", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-013" + }, + { + "name": "ADV-2011-0326", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0326" + }, + { + "name": "70834", + "refsource": "OSVDB", + "url": "http://osvdb.org/70834" + }, + { + "name": "1025048", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025048" + }, + { + "name": "46130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46130" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0767.json b/2011/0xxx/CVE-2011-0767.json index 9004fa4e133..5eca62fcfdf 100644 --- a/2011/0xxx/CVE-2011-0767.json +++ b/2011/0xxx/CVE-2011-0767.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-0767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.secureworks.com/research/advisories/SWRX-2011-001/", - "refsource" : "MISC", - "url" : "http://www.secureworks.com/research/advisories/SWRX-2011-001/" - }, - { - "name" : "http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html", - "refsource" : "CONFIRM", - "url" : "http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html" - }, - { - "name" : "VU#567774", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/567774" - }, - { - "name" : "44772", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44772" - }, - { - "name" : "securesphere-web-server-xss(67779)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID 31759." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44772", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44772" + }, + { + "name": "http://www.secureworks.com/research/advisories/SWRX-2011-001/", + "refsource": "MISC", + "url": "http://www.secureworks.com/research/advisories/SWRX-2011-001/" + }, + { + "name": "securesphere-web-server-xss(67779)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67779" + }, + { + "name": "VU#567774", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/567774" + }, + { + "name": "http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html", + "refsource": "CONFIRM", + "url": "http://www.imperva.com/resources/adc/adc_advisories_response_secureworks.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0773.json b/2011/0xxx/CVE-2011-0773.json index 1984dcdd550..afc93ef2300 100644 --- a/2011/0xxx/CVE-2011-0773.json +++ b/2011/0xxx/CVE-2011-0773.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt" - }, - { - "name" : "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html", - "refsource" : "MISC", - "url" : "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html" - }, - { - "name" : "http://blog.pivotx.net/2011-01-31/pivotx-223-released", - "refsource" : "CONFIRM", - "url" : "http://blog.pivotx.net/2011-01-31/pivotx-223-released" - }, - { - "name" : "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3459", - "refsource" : "CONFIRM", - "url" : "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3459" - }, - { - "name" : "http://twitter.com/pivotx/statuses/29889056263376898", - "refsource" : "CONFIRM", - "url" : "http://twitter.com/pivotx/statuses/29889056263376898" - }, - { - "name" : "45983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45983" - }, - { - "name" : "70672", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70672" - }, - { - "name" : "43045", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43045" - }, - { - "name" : "8063", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8063" - }, - { - "name" : "pivotx-image-xss(64976)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3459", + "refsource": "CONFIRM", + "url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3459" + }, + { + "name": "pivotx-image-xss(64976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64976" + }, + { + "name": "http://twitter.com/pivotx/statuses/29889056263376898", + "refsource": "CONFIRM", + "url": "http://twitter.com/pivotx/statuses/29889056263376898" + }, + { + "name": "43045", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43045" + }, + { + "name": "70672", + "refsource": "OSVDB", + "url": "http://osvdb.org/70672" + }, + { + "name": "http://blog.pivotx.net/2011-01-31/pivotx-223-released", + "refsource": "CONFIRM", + "url": "http://blog.pivotx.net/2011-01-31/pivotx-223-released" + }, + { + "name": "8063", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8063" + }, + { + "name": "45983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45983" + }, + { + "name": "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/97831/Pivotx222-xss.txt" + }, + { + "name": "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html", + "refsource": "MISC", + "url": "http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1235.json b/2011/1xxx/CVE-2011-1235.json index 179b98c915c..d6fb2304f2b 100644 --- a/2011/1xxx/CVE-2011-1235.json +++ b/2011/1xxx/CVE-2011-1235.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, - { - "name" : "MS11-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47212" - }, - { - "name" : "71750", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71750" - }, - { - "name" : "oval:org.mitre.oval:def:12302", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12302" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - }, - { - "name" : "mswin-win32k-var23-priv-escalation(66417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "71750", + "refsource": "OSVDB", + "url": "http://osvdb.org/71750" + }, + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "47212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47212" + }, + { + "name": "oval:org.mitre.oval:def:12302", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12302" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "mswin-win32k-var23-priv-escalation(66417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66417" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1534.json b/2011/1xxx/CVE-2011-1534.json index 8c22e22e08b..b0a7386ecd6 100644 --- a/2011/1xxx/CVE-2011-1534.json +++ b/2011/1xxx/CVE-2011-1534.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows remote authenticated users to obtain access to processes via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02659", - "refsource" : "HP", - "url" : "https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02788734" - }, - { - "name" : "SSRT100440", - "refsource" : "HP", - "url" : "https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02788734" - }, - { - "name" : "HPSBMU02708", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132094759631216&w=2" - }, - { - "name" : "SSRT100633", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132094759631216&w=2" - }, - { - "name" : "1025386", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025386" - }, - { - "name" : "44230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44230" - }, - { - "name" : "ADV-2011-1024", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows remote authenticated users to obtain access to processes via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025386", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025386" + }, + { + "name": "ADV-2011-1024", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1024" + }, + { + "name": "SSRT100633", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132094759631216&w=2" + }, + { + "name": "44230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44230" + }, + { + "name": "HPSBMU02708", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132094759631216&w=2" + }, + { + "name": "HPSBMA02659", + "refsource": "HP", + "url": "https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02788734" + }, + { + "name": "SSRT100440", + "refsource": "HP", + "url": "https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02788734" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1602.json b/2011/1xxx/CVE-2011-1602.json index e70fcd64c93..aa7a8062151 100644 --- a/2011/1xxx/CVE-2011-1602.json +++ b/2011/1xxx/CVE-2011-1602.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-1602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110601 Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80111.shtml" - }, - { - "name" : "48074", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48074" - }, - { - "name" : "72717", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72717" - }, - { - "name" : "1025588", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025588" - }, - { - "name" : "44814", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44814/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025588", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025588" + }, + { + "name": "48074", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48074" + }, + { + "name": "44814", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44814/" + }, + { + "name": "20110601 Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80111.shtml" + }, + { + "name": "72717", + "refsource": "OSVDB", + "url": "http://osvdb.org/72717" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1885.json b/2011/1xxx/CVE-2011-1885.json index b31d08eb50d..2726925a163 100644 --- a/2011/1xxx/CVE-2011-1885.json +++ b/2011/1xxx/CVE-2011-1885.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Null Pointer De-reference Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/css/P8/documents/100144947", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100144947" - }, - { - "name" : "MS11-054", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054" - }, - { - "name" : "TA11-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" - }, - { - "name" : "48600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48600" - }, - { - "name" : "73788", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/73788" - }, - { - "name" : "oval:org.mitre.oval:def:11951", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11951" - }, - { - "name" : "1025761", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025761" - }, - { - "name" : "45186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka \"Win32k Null Pointer De-reference Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "73788", + "refsource": "OSVDB", + "url": "http://osvdb.org/73788" + }, + { + "name": "48600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48600" + }, + { + "name": "oval:org.mitre.oval:def:11951", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11951" + }, + { + "name": "MS11-054", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100144947", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100144947" + }, + { + "name": "TA11-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html" + }, + { + "name": "45186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45186" + }, + { + "name": "1025761", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025761" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3296.json b/2011/3xxx/CVE-2011-3296.json index 0206bfcbb35..7f66543be0c 100644 --- a/2011/3xxx/CVE-2011-3296.json +++ b/2011/3xxx/CVE-2011-3296.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via vectors that trigger syslog message 302015, aka Bug ID CSCti83875." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-3296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111005 Multiple Vulnerabilities in Cisco Firewall Services Module", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml" - }, - { - "name" : "cisco-fwsm-syslog-dos(70326)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via vectors that trigger syslog message 302015, aka Bug ID CSCti83875." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-fwsm-syslog-dos(70326)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70326" + }, + { + "name": "20111005 Multiple Vulnerabilities in Cisco Firewall Services Module", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3679.json b/2011/3xxx/CVE-2011-3679.json index 91934b479fe..dd29729f3fa 100644 --- a/2011/3xxx/CVE-2011-3679.json +++ b/2011/3xxx/CVE-2011-3679.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3679", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-3679", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3926.json b/2011/3xxx/CVE-2011-3926.json index bd5619ff045..96ec048da70 100644 --- a/2011/3xxx/CVE-2011-3926.json +++ b/2011/3xxx/CVE-2011-3926.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=109556", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=109556" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:14552", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14552" - }, - { - "name" : "1026569", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026569" - }, - { - "name" : "47694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=109556", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=109556" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "1026569", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026569" + }, + { + "name": "oval:org.mitre.oval:def:14552", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14552" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + }, + { + "name": "47694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47694" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4165.json b/2011/4xxx/CVE-2011-4165.json index 1f829f0137f..c288ec4422f 100644 --- a/2011/4xxx/CVE-2011-4165.json +++ b/2011/4xxx/CVE-2011-4165.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-4165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02731", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132517846332173&w=2" - }, - { - "name" : "SSRT100518", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132517846332173&w=2" - }, - { - "name" : "51205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100518", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132517846332173&w=2" + }, + { + "name": "HPSBMU02731", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132517846332173&w=2" + }, + { + "name": "51205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51205" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4296.json b/2011/4xxx/CVE-2011-4296.json index a792c750724..054d648cadb 100644 --- a/2011/4xxx/CVE-2011-4296.json +++ b/2011/4xxx/CVE-2011-4296.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/11/14/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=88d823c1f491a3c74f67bbf74306a8d1109dee02", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=88d823c1f491a3c74f67bbf74306a8d1109dee02" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=182739", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=182739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/11/14/1" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=182739", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=182739" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=88d823c1f491a3c74f67bbf74306a8d1109dee02", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=88d823c1f491a3c74f67bbf74306a8d1109dee02" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4611.json b/2011/4xxx/CVE-2011-4611.json index 7c84ea488a5..1ca4fde63e4 100644 --- a/2011/4xxx/CVE-2011-4611.json +++ b/2011/4xxx/CVE-2011-4611.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhandled performance monitor exception) via vectors that trigger certain outcomes of performance events." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111215 Re: CVE request - kernel: perf, powerpc: Handle events that raise an exception without overflowing", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/12/15/2" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0837e3242c73566fc1c0196b4ec61779c25ffc93", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0837e3242c73566fc1c0196b4ec61779c25ffc93" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=767914", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=767914" - }, - { - "name" : "https://github.com/torvalds/linux/commit/0837e3242c73566fc1c0196b4ec61779c25ffc93", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/0837e3242c73566fc1c0196b4ec61779c25ffc93" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhandled performance monitor exception) via vectors that trigger certain outcomes of performance events." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111215 Re: CVE request - kernel: perf, powerpc: Handle events that raise an exception without overflowing", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/12/15/2" + }, + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" + }, + { + "name": "https://github.com/torvalds/linux/commit/0837e3242c73566fc1c0196b4ec61779c25ffc93", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/0837e3242c73566fc1c0196b4ec61779c25ffc93" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0837e3242c73566fc1c0196b4ec61779c25ffc93", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0837e3242c73566fc1c0196b4ec61779c25ffc93" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=767914", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=767914" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4632.json b/2011/4xxx/CVE-2011-4632.json index 11fb6bbc475..f6495da0c1d 100644 --- a/2011/4xxx/CVE-2011-4632.json +++ b/2011/4xxx/CVE-2011-4632.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4632", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4632", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4752.json b/2011/4xxx/CVE-2011-4752.json index e0c7e1ce053..949962ea69d 100644 --- a/2011/4xxx/CVE-2011-4752.json +++ b/2011/4xxx/CVE-2011-4752.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html" - }, - { - "name" : "smarterstat-ctheader-unspecified(72204)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html" + }, + { + "name": "smarterstat-ctheader-unspecified(72204)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72204" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4821.json b/2011/4xxx/CVE-2011-4821.json index 0340113e433..f9abbc4f94b 100644 --- a/2011/4xxx/CVE-2011-4821.json +++ b/2011/4xxx/CVE-2011-4821.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120125 D-Link DIR-601 TFTP Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/521369" - }, - { - "name" : "http://www.solutionary.com/research/vulnerability-disclosures/2012/01/d-link-dir-601-tftp-directory-traversal-vulnerability", - "refsource" : "MISC", - "url" : "http://www.solutionary.com/research/vulnerability-disclosures/2012/01/d-link-dir-601-tftp-directory-traversal-vulnerability" - }, - { - "name" : "51659", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51659" - }, - { - "name" : "47762", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.solutionary.com/research/vulnerability-disclosures/2012/01/d-link-dir-601-tftp-directory-traversal-vulnerability", + "refsource": "MISC", + "url": "http://www.solutionary.com/research/vulnerability-disclosures/2012/01/d-link-dir-601-tftp-directory-traversal-vulnerability" + }, + { + "name": "51659", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51659" + }, + { + "name": "47762", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47762" + }, + { + "name": "20120125 D-Link DIR-601 TFTP Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/521369" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5274.json b/2011/5xxx/CVE-2011-5274.json index f0d75854e46..4cc1cc50d77 100644 --- a/2011/5xxx/CVE-2011-5274.json +++ b/2011/5xxx/CVE-2011-5274.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a", - "refsource" : "CONFIRM", - "url" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a" - }, - { - "name" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64", - "refsource" : "CONFIRM", - "url" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637630", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637630" - }, - { - "name" : "DSA-2365", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64", + "refsource": "CONFIRM", + "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64" + }, + { + "name": "DSA-2365", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2365" + }, + { + "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a", + "refsource": "CONFIRM", + "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;h=dec9970db76b82295e9003ca34cecab8d629da4f;hb=65a7a1b166ea3c4325efd4da80a78498c829aa5a" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637630", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637630" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2198.json b/2014/2xxx/CVE-2014-2198.json index 9d5cbf091ec..8a25cb5560e 100644 --- a/2014/2xxx/CVE-2014-2198.json +++ b/2014/2xxx/CVE-2014-2198.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation of the product, aka Bug ID CSCud41130." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140702 Multiple Vulnerabilities in Cisco Unified Communications Domain Manager", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm" - }, - { - "name" : "20140702 Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689" - }, - { - "name" : "68334", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68334" - }, - { - "name" : "1030515", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030515" - }, - { - "name" : "59544", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation of the product, aka Bug ID CSCud41130." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59544", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59544" + }, + { + "name": "68334", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68334" + }, + { + "name": "1030515", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030515" + }, + { + "name": "20140702 Multiple Vulnerabilities in Cisco Unified Communications Domain Manager", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm" + }, + { + "name": "20140702 Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2384.json b/2014/2xxx/CVE-2014-2384.json index 710bb35221e..a75382a4f2f 100644 --- a/2014/2xxx/CVE-2014-2384.json +++ b/2014/2xxx/CVE-2014-2384.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports \"Vendor rated issue as non-exploitable.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140411 CVE-2014-2384 - Invalid Pointer Dereference in VMware Workstation and Player", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/163" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call. NOTE: the researcher reports \"Vendor rated issue as non-exploitable.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140411 CVE-2014-2384 - Invalid Pointer Dereference in VMware Workstation and Player", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/163" + }, + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2688.json b/2014/2xxx/CVE-2014-2688.json index aa3647ad94d..146ebf18f20 100644 --- a/2014/2xxx/CVE-2014-2688.json +++ b/2014/2xxx/CVE-2014-2688.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2688", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2688", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3584.json b/2014/3xxx/CVE-2014-3584.json index 456c6b5928c..b4967a99c2c 100644 --- a/2014/3xxx/CVE-2014-3584.json +++ b/2014/3xxx/CVE-2014-3584.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20141024 New security advisories released for Apache CXF", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q4/437" - }, - { - "name" : "http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc", - "refsource" : "CONFIRM", - "url" : "http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc" - }, - { - "name" : "70738", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70738" - }, - { - "name" : "61909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61909" - }, - { - "name" : "apache-cxf-cve20143584-dos(97753)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20141024 New security advisories released for Apache CXF", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q4/437" + }, + { + "name": "61909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61909" + }, + { + "name": "70738", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70738" + }, + { + "name": "apache-cxf-cve20143584-dos(97753)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97753" + }, + { + "name": "http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc", + "refsource": "CONFIRM", + "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6133.json b/2014/6xxx/CVE-2014-6133.json index 4fa0db88c76..4e3b74779fb 100644 --- a/2014/6xxx/CVE-2014-6133.json +++ b/2014/6xxx/CVE-2014-6133.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686801", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686801" - }, - { - "name" : "LI78229", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LI78229" - }, - { - "name" : "ibm-api-cve20146133-info-disc(96813)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686801", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686801" + }, + { + "name": "LI78229", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI78229" + }, + { + "name": "ibm-api-cve20146133-info-disc(96813)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96813" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6256.json b/2014/6xxx/CVE-2014-6256.json index 98d59598ad8..dd730ce5155 100644 --- a/2014/6xxx/CVE-2014-6256.json +++ b/2014/6xxx/CVE-2014-6256.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", - "refsource" : "CONFIRM", - "url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" - }, - { - "name" : "VU#449452", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/449452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#449452", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/449452" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", + "refsource": "CONFIRM", + "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6292.json b/2014/6xxx/CVE-2014-6292.json index d5fe91c9308..5d22a74edad 100644 --- a/2014/6xxx/CVE-2014-6292.json +++ b/2014/6xxx/CVE-2014-6292.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/" - }, - { - "name" : "http://typo3.org/extensions/repository/view/femanager", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/femanager" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The femanager extension before 1.0.9 for TYPO3 allows remote frontend users to modify or delete the records of other frontend users via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/extensions/repository/view/femanager", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/femanager" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6911.json b/2014/6xxx/CVE-2014-6911.json index 27604383671..bd444064964 100644 --- a/2014/6xxx/CVE-2014-6911.json +++ b/2014/6xxx/CVE-2014-6911.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The diziturky HD 2015 (aka com.adv.diziturky) application 2014 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#871313", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/871313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The diziturky HD 2015 (aka com.adv.diziturky) application 2014 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#871313", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/871313" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7649.json b/2014/7xxx/CVE-2014-7649.json index a2aafa8b9d5..c5db125d5f3 100644 --- a/2014/7xxx/CVE-2014-7649.json +++ b/2014/7xxx/CVE-2014-7649.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Classic Car Buyer (aka com.magazinecloner.carbuyer) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#950689", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/950689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Classic Car Buyer (aka com.magazinecloner.carbuyer) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#950689", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/950689" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7797.json b/2014/7xxx/CVE-2014-7797.json index d9d97b6e3b6..21fe1437499 100644 --- a/2014/7xxx/CVE-2014-7797.json +++ b/2014/7xxx/CVE-2014-7797.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Thai food (aka com.foods.thaifood) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#307849", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/307849" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Thai food (aka com.foods.thaifood) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#307849", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/307849" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7870.json b/2014/7xxx/CVE-2014-7870.json index c1634408734..af0ef890040 100644 --- a/2014/7xxx/CVE-2014-7870.json +++ b/2014/7xxx/CVE-2014-7870.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the \"administer custom search\" permission to inject arbitrary web script or HTML via the \"Label text\" field to admin/config/search/custom_search/results." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140403 Drupal Custom Search module XSS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/41" - }, - { - "name" : "https://www.drupal.org/node/2231665", - "refsource" : "MISC", - "url" : "https://www.drupal.org/node/2231665" - }, - { - "name" : "https://www.drupal.org/node/2231531", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2231531" - }, - { - "name" : "https://www.drupal.org/node/2231533", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/node/2231533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the \"administer custom search\" permission to inject arbitrary web script or HTML via the \"Label text\" field to admin/config/search/custom_search/results." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.drupal.org/node/2231531", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2231531" + }, + { + "name": "https://www.drupal.org/node/2231665", + "refsource": "MISC", + "url": "https://www.drupal.org/node/2231665" + }, + { + "name": "20140403 Drupal Custom Search module XSS", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/41" + }, + { + "name": "https://www.drupal.org/node/2231533", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/node/2231533" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0007.json b/2017/0xxx/CVE-2017-0007.json index afb891295d0..c650832326d 100644 --- a/2017/0xxx/CVE-2017-0007.json +++ b/2017/0xxx/CVE-2017-0007.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Device Guard", - "version" : { - "version_data" : [ - { - "version_value" : "Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka \"PowerShell Security Feature Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Device Guard", + "version": { + "version_data": [ + { + "version_value": "Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://enigma0x3.net/2017/04/03/defeating-device-guard-a-look-into-cve-2017-0007/", - "refsource" : "MISC", - "url" : "https://enigma0x3.net/2017/04/03/defeating-device-guard-a-look-into-cve-2017-0007/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0007", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0007" - }, - { - "name" : "96018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96018" - }, - { - "name" : "1038001", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka \"PowerShell Security Feature Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://enigma0x3.net/2017/04/03/defeating-device-guard-a-look-into-cve-2017-0007/", + "refsource": "MISC", + "url": "https://enigma0x3.net/2017/04/03/defeating-device-guard-a-look-into-cve-2017-0007/" + }, + { + "name": "96018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96018" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0007", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0007" + }, + { + "name": "1038001", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038001" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0032.json b/2017/0xxx/CVE-2017-0032.json index 25c4bee4d99..798d95510de 100644 --- a/2017/0xxx/CVE-2017-0032.json +++ b/2017/0xxx/CVE-2017-0032.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Browser", - "version" : { - "version_data" : [ - { - "version_value" : "Browser" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Browser", + "version": { + "version_data": [ + { + "version_value": "Browser" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0032", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0032" - }, - { - "name" : "96080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96080" - }, - { - "name" : "1038006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0032", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0032" + }, + { + "name": "96080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96080" + }, + { + "name": "1038006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038006" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0341.json b/2017/0xxx/CVE-2017-0341.json index e44173ce609..6a50768c189 100644 --- a/2017/0xxx/CVE-2017-0341.json +++ b/2017/0xxx/CVE-2017-0341.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2017-0341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a pointer that has not been initialized which may lead to denial of service or potential escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service, Escalation of Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2017-0341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4462", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a pointer that has not been initialized which may lead to denial of service or potential escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service, Escalation of Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0460.json b/2017/0xxx/CVE-2017-0460.json index 87bdaf48f6b..1e1c1a1f4ac 100644 --- a/2017/0xxx/CVE-2017-0460.json +++ b/2017/0xxx/CVE-2017-0460.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252965. References: QC-CR#1098801." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "https://www.codeaurora.org/out-memory-and-out-bounds-vulnerability-while-handling-netlink-messages-cve-2017-0460", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/out-memory-and-out-bounds-vulnerability-while-handling-netlink-messages-cve-2017-0460" - }, - { - "name" : "96948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96948" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252965. References: QC-CR#1098801." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "https://www.codeaurora.org/out-memory-and-out-bounds-vulnerability-while-handling-netlink-messages-cve-2017-0460", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/out-memory-and-out-bounds-vulnerability-while-handling-netlink-messages-cve-2017-0460" + }, + { + "name": "96948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96948" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1419.json b/2017/1xxx/CVE-2017-1419.json index 8d18224b49c..62f66b40c3a 100644 --- a/2017/1xxx/CVE-2017-1419.json +++ b/2017/1xxx/CVE-2017-1419.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1419", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1419", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1498.json b/2017/1xxx/CVE-2017-1498.json index d6ba8300929..5b49f9d06c2 100644 --- a/2017/1xxx/CVE-2017-1498.json +++ b/2017/1xxx/CVE-2017-1498.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-1498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Connections", - "version" : { - "version_data" : [ - { - "version_value" : "5.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-1498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Connections", + "version": { + "version_data": [ + { + "version_value": "5.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129020", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129020" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006286", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006286" - }, - { - "name" : "102048", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102048", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102048" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129020", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129020" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006286", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006286" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1883.json b/2017/1xxx/CVE-2017-1883.json index 9e6acf55cc7..d6dc662a513 100644 --- a/2017/1xxx/CVE-2017-1883.json +++ b/2017/1xxx/CVE-2017-1883.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1883", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1883", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5054.json b/2017/5xxx/CVE-2017-5054.json index 72c962a66c1..881947a9986 100644 --- a/2017/5xxx/CVE-2017-5054.json +++ b/2017/5xxx/CVE-2017-5054.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 57.0.2987.133 for Linux, Windows and Mac, and 57.0.2987.132 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 57.0.2987.133 for Linux, Windows and Mac, and 57.0.2987.132 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 57.0.2987.133 for Linux, Windows and Mac, and 57.0.2987.132 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 57.0.2987.133 for Linux, Windows and Mac, and 57.0.2987.132 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html" - }, - { - "name" : "https://crbug.com/699166", - "refsource" : "MISC", - "url" : "https://crbug.com/699166" - }, - { - "name" : "GLSA-201704-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-02" - }, - { - "name" : "RHSA-2017:0860", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0860" - }, - { - "name" : "97220", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97220", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97220" + }, + { + "name": "RHSA-2017:0860", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0860" + }, + { + "name": "GLSA-201704-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-02" + }, + { + "name": "https://crbug.com/699166", + "refsource": "MISC", + "url": "https://crbug.com/699166" + }, + { + "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5904.json b/2017/5xxx/CVE-2017-5904.json index d1ff16b7893..0ddf79780a9 100644 --- a/2017/5xxx/CVE-2017-5904.json +++ b/2017/5xxx/CVE-2017-5904.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5904", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5904", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file