diff --git a/2006/3xxx/CVE-2006-3015.json b/2006/3xxx/CVE-2006-3015.json
index 715c7e30821..49e2f435d68 100644
--- a/2006/3xxx/CVE-2006-3015.json
+++ b/2006/3xxx/CVE-2006-3015.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060611 WinSCP - URI Handler Command Switch Parsing", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html" - }, - { - "name" : "20060310 WinSCP - URI Handler Command Switch Parsing", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html" - }, - { - "name" : "http://winscp.net/eng/docs/history#3.8.2", - "refsource" : "CONFIRM", - "url" : "http://winscp.net/eng/docs/history#3.8.2" - }, - { - "name" : "VU#912588", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/912588" - }, - { - "name" : "18384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18384" - }, - { - "name" : 
"ADV-2006-2289", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2289" - }, - { - "name" : "20575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20575" - }, - { - "name" : "winscp-uri-handler-command-execution(27075)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "winscp-uri-handler-command-execution(27075)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27075" + }, + { + "name": "http://winscp.net/eng/docs/history#3.8.2", + "refsource": "CONFIRM", + "url": "http://winscp.net/eng/docs/history#3.8.2" + }, + { + "name": "20060611 WinSCP - URI Handler Command Switch Parsing", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html" + }, + { + "name": "20060310 WinSCP - URI Handler Command Switch Parsing", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html" + }, + { + "name": "20575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20575" + }, + { + "name": "ADV-2006-2289", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2289" + }, + { + "name": "18384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18384" + }, + { + "name": "VU#912588", + "refsource": "CERT-VN", + "url": 
"http://www.kb.cert.org/vuls/id/912588" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3151.json b/2006/3xxx/CVE-2006-3151.json index fa01d420caf..592096a1e90 100644 --- a/2006/3xxx/CVE-2006-3151.json +++ b/2006/3xxx/CVE-2006-3151.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/associated-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/associated-xss-vuln.html" - }, - { - "name" : "18541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18541" - }, - { - "name" : "ADV-2006-2444", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2444" - }, - { - "name" : "26672", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26672" - }, - { - "name" : "20725", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20725" - }, - { - "name" : "associated-index-xss(27255)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27255" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18541" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/associated-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/associated-xss-vuln.html" + }, + { + "name": "ADV-2006-2444", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2444" + }, + { + "name": "20725", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20725" + }, + { + "name": "26672", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26672" + }, + { + "name": "associated-index-xss(27255)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27255" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3539.json b/2006/3xxx/CVE-2006-3539.json index 457e58e1e16..bb99e2f59e9 100644 --- a/2006/3xxx/CVE-2006-3539.json +++ b/2006/3xxx/CVE-2006-3539.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fields in a do=write (aka Send Mail Message) action in gamemail.php; the (3) Gender, (4) Country/Location, (5) MSN Messenger, (6) AOL Instant Messenger, (7) Yahoo Instant Messenger, and (8) ICQ fields in a do=onlinechar (aka Edit your Profile) action in index.php, as accessed by dk.php; a javascript URI in the SRC attribute of an IMG element in the (9) Title and (10) Message fields in a do=new (aka Create Thread) action in general.php; and a javascript URI in the SRC attribute of an IMG element in unspecified fields in (11) other Forum posts and (12) Forum replies." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060618 Dragons Kingdom v1.0 - XSS & cookie disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437753/100/0/threaded" - }, - { - "name" : "http://www.youfucktard.com/xsp/dragking1.jpg", - "refsource" : "MISC", - "url" : "http://www.youfucktard.com/xsp/dragking1.jpg" - }, - { - "name" : "http://www.youfucktard.com/xsp/dragking2.jpg", - "refsource" : "MISC", - "url" : "http://www.youfucktard.com/xsp/dragking2.jpg" - }, - { - "name" : "http://www.youfucktard.com/xsp/dragking3.jpg", - "refsource" : "MISC", - "url" : "http://www.youfucktard.com/xsp/dragking3.jpg" - }, - { - "name" : "http://www.youfucktard.com/xsp/dragking4.jpg", - "refsource" : "MISC", - "url" : "http://www.youfucktard.com/xsp/dragking4.jpg" - }, - { - "name" : "http://www.youfucktard.com/xsp/dragking5.jpg", - "refsource" : "MISC", - "url" : "http://www.youfucktard.com/xsp/dragking5.jpg" - }, - { - "name" : "http://www.youfucktard.com/xsp/dragking6.jpg", - "refsource" : "MISC", - "url" : "http://www.youfucktard.com/xsp/dragking6.jpg" - }, - { - "name" : "http://www.youfucktard.com/xsp/dragking7.jpg", - "refsource" : "MISC", - "url" : "http://www.youfucktard.com/xsp/dragking7.jpg" - }, - { - "name" : "18535", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18535" - }, - { - "name" : "ADV-2006-2439", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2439" - }, - { - "name" : "20662", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20662" - }, - { - "name" : "dragons-kingdom-multiple-xss(27390)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fields in a do=write (aka Send Mail Message) action in gamemail.php; the (3) Gender, (4) Country/Location, (5) MSN Messenger, (6) AOL Instant Messenger, (7) Yahoo Instant Messenger, and (8) ICQ fields in a do=onlinechar (aka Edit your Profile) action in index.php, as accessed by dk.php; a javascript URI in the SRC attribute of an IMG element in the (9) Title and (10) Message fields in a do=new (aka Create Thread) action in general.php; and a javascript URI in the SRC attribute of an IMG element in unspecified fields in (11) other Forum posts and (12) Forum replies." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20662", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20662" + }, + { + "name": "ADV-2006-2439", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2439" + }, + { + "name": "dragons-kingdom-multiple-xss(27390)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27390" + }, + { + "name": "18535", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18535" + }, + { + "name": "http://www.youfucktard.com/xsp/dragking5.jpg", + "refsource": "MISC", + "url": "http://www.youfucktard.com/xsp/dragking5.jpg" + }, + { + "name": "http://www.youfucktard.com/xsp/dragking2.jpg", + "refsource": "MISC", + "url": "http://www.youfucktard.com/xsp/dragking2.jpg" + }, + { + "name": "http://www.youfucktard.com/xsp/dragking6.jpg", + "refsource": "MISC", + "url": "http://www.youfucktard.com/xsp/dragking6.jpg" + }, + { + "name": "20060618 Dragons Kingdom v1.0 - XSS & cookie disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437753/100/0/threaded" + }, + { + "name": "http://www.youfucktard.com/xsp/dragking4.jpg", + "refsource": "MISC", + "url": "http://www.youfucktard.com/xsp/dragking4.jpg" + }, + { + "name": "http://www.youfucktard.com/xsp/dragking3.jpg", + "refsource": "MISC", + "url": "http://www.youfucktard.com/xsp/dragking3.jpg" + }, + { + "name": "http://www.youfucktard.com/xsp/dragking7.jpg", + "refsource": "MISC", + "url": "http://www.youfucktard.com/xsp/dragking7.jpg" + }, + { + "name": "http://www.youfucktard.com/xsp/dragking1.jpg", + "refsource": "MISC", + "url": "http://www.youfucktard.com/xsp/dragking1.jpg" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4604.json b/2006/4xxx/CVE-2006-4604.json index 5bdcb0da5b8..9adf2d38b40 100644 
--- a/2006/4xxx/CVE-2006-4604.json
+++ b/2006/4xxx/CVE-2006-4604.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2280", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2280" - }, - { - "name" : "19773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19773" - }, - { - "name" : "lanifex-accessmanager-file-include(28673)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code 
via the _incMgr parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lanifex-accessmanager-file-include(28673)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28673" + }, + { + "name": "19773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19773" + }, + { + "name": "2280", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2280" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4637.json b/2006/4xxx/CVE-2006-4637.json index b445bb99e84..b678e8499c6 100644 --- a/2006/4xxx/CVE-2006-4637.json +++ b/2006/4xxx/CVE-2006-4637.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter in (1) header.php or (2) news.php. NOTE: portions of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060907 ACGV News v0.9.1 - Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445575/100/0/threaded" - }, - { - "name" : "19863", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19863" - }, - { - "name" : "ADV-2006-3475", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3475" - }, - { - "name" : "1016816", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016816" - }, - { - "name" : "21765", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21765" - }, - { - "name" : 
"acgvnews-pathnews-file-include(28763)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter in (1) header.php or (2) news.php. NOTE: portions of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "acgvnews-pathnews-file-include(28763)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28763" + }, + { + "name": "ADV-2006-3475", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3475" + }, + { + "name": "1016816", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016816" + }, + { + "name": "21765", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21765" + }, + { + "name": "19863", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19863" + }, + { + "name": "20060907 ACGV News v0.9.1 - Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445575/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4641.json b/2006/4xxx/CVE-2006-4641.json index 170a1de8450..e40a9dce731 100644 --- a/2006/4xxx/CVE-2006-4641.json +++ b/2006/4xxx/CVE-2006-4641.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal 3.6 allows remote attackers to execute arbitrary SQL commands via the kat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2294", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2294" - }, - { - "name" : "19821", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19821" - }, - { - "name" : "muratsoft-kategori-sql-injection(28724)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal 3.6 allows remote attackers to execute arbitrary SQL commands via the kat parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19821", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19821" + }, + { + "name": "muratsoft-kategori-sql-injection(28724)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28724" + }, + { + "name": "2294", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2294" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4667.json b/2006/4xxx/CVE-2006-4667.json index c8d02dc61fd..ca041cbd996 100644 --- a/2006/4xxx/CVE-2006-4667.json +++ b/2006/4xxx/CVE-2006-4667.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060907 Sql injection in RunCMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445524/100/0/threaded" - }, - { - "name" : "http://www.hackers.ir/advisories/runcms.html", - "refsource" : "MISC", - "url" : "http://www.hackers.ir/advisories/runcms.html" - }, - { - "name" : "http://www.runcms.org/modules/mydownloads/viewcat.php?cid=5", - "refsource" : "CONFIRM", - "url" : "http://www.runcms.org/modules/mydownloads/viewcat.php?cid=5" - }, - { - "name" : "19913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19913" - }, - { - "name" : "ADV-2006-3522", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/3522" - }, - { - "name" : "28616", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28616" - }, - { - "name" : "28617", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28617" - }, - { - "name" : "21814", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21814" - }, - { - "name" : "1532", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1532" - }, - { - "name" : "runcms-sessions-sql-injection(28806)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1532", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1532" + }, + { + "name": "20060907 Sql injection in RunCMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445524/100/0/threaded" + }, + { + "name": "28616", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28616" + }, + { + "name": "ADV-2006-3522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3522" + }, + { + "name": "28617", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28617" + }, + { + "name": "21814", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21814" + }, + { + "name": "19913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19913" + }, + { + "name": "http://www.hackers.ir/advisories/runcms.html", + "refsource": "MISC", + "url": "http://www.hackers.ir/advisories/runcms.html" + }, + { + "name": "http://www.runcms.org/modules/mydownloads/viewcat.php?cid=5", + "refsource": "CONFIRM", + "url": "http://www.runcms.org/modules/mydownloads/viewcat.php?cid=5" + }, + { + "name": "runcms-sessions-sql-injection(28806)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28806" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4778.json b/2006/4xxx/CVE-2006-4778.json index 9df4b7b8750..45ac5458b88 100644 --- a/2006/4xxx/CVE-2006-4778.json +++ b/2006/4xxx/CVE-2006-4778.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Creative Commons Tools ccHost before 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID. NOTE: Some details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=445818&group_id=80503", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=445818&group_id=80503" - }, - { - "name" : "19978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19978" - }, - { - "name" : "ADV-2006-3567", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3567" - }, - { - "name" : "21822", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "SQL injection vulnerability in Creative Commons Tools ccHost before 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID. NOTE: Some details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19978" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=445818&group_id=80503", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=445818&group_id=80503" + }, + { + "name": "21822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21822" + }, + { + "name": "ADV-2006-3567", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3567" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4946.json b/2006/4xxx/CVE-2006-4946.json index c8318d9f855..13345ebbe21 100644 --- a/2006/4xxx/CVE-2006-4946.json +++ b/2006/4xxx/CVE-2006-4946.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2399", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2399" - }, - { - "name" : "20116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20116" - }, - { - "name" : "ADV-2006-3706", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3706" - }, - { - "name" : "22024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22024" - }, - { - "name" : "bcwb-startup-file-include(29039)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20116" + }, + { + "name": "ADV-2006-3706", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3706" + }, + { + "name": "2399", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2399" + }, + { + "name": "22024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22024" + }, + { + "name": "bcwb-startup-file-include(29039)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29039" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6013.json b/2006/6xxx/CVE-2006-6013.json index a37d14a4bf9..19d58bde4a8 100644 --- a/2006/6xxx/CVE-2006-6013.json +++ b/2006/6xxx/CVE-2006-6013.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061115 DragonFlyBSD all versions FireWire IOCTL kernel integer overflow information disclousure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451677/100/0/threaded" - }, - { - "name" : "20061115 FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451629/100/0/threaded" - }, - { - "name" : "20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451637/100/0/threaded" - }, - { - "name" : "20061115 TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451698/100/0/threaded" - }, - { - "name" : "20061116 Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451861/100/0/threaded" - }, - { - "name" : "20061120 RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452124/100/0/threaded" - }, - { - "name" : "20061121 Clarifying integer overflows vs. 
signedness errors", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452264/100/0/threaded" - }, - { - "name" : "20061122 Re: Clarifying integer overflows vs. signedness errors", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452331/100/0/threaded" - }, - { - "name" : "20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0261.html" - }, - { - "name" : "[tech-security] 20061116 Re: [Full-disclosure] NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure", - "refsource" : "MLIST", - "url" : "http://mail-index.netbsd.org/tech-security/2006/11/16/0001.html" - }, - { - "name" : "[tech-security] 20061214 NetBSD Security Note 20061214-1: Kernel memory leakage in firewire interface", - "refsource" : "MLIST", - "url" : "http://mail-index.netbsd.org/tech-security/2006/12/14/0002.html" - }, - { - "name" : "http://www.dragonflybsd.org/cvsweb/src/sys/bus/firewire/fwdev.c", - "refsource" : "MISC", - "url" : "http://www.dragonflybsd.org/cvsweb/src/sys/bus/firewire/fwdev.c" - }, - { - "name" : "http://www.kernelhacking.com/bsdadv1.txt", - "refsource" : "MISC", - "url" : "http://www.kernelhacking.com/bsdadv1.txt" - }, - { - "name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ieee1394/fwdev.c", - "refsource" : "CONFIRM", - "url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ieee1394/fwdev.c" - }, - { - "name" : "FreeBSD-SA-06:25", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-06:25.kmem.asc" - }, - { - "name" : "21089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21089" - }, - { - "name" : "1017344", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017344" - }, - { - "name" : "22917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22917" - }, 
- { - "name" : "freebsd-fwdev-integer-overflow(30347)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061116 Re: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451861/100/0/threaded" + }, + { + "name": "1017344", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017344" + }, + { + "name": "20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0261.html" + }, + { + "name": "20061115 NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451637/100/0/threaded" + }, + { + "name": "[tech-security] 20061116 Re: [Full-disclosure] NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure", + "refsource": "MLIST", + "url": 
"http://mail-index.netbsd.org/tech-security/2006/11/16/0001.html" + }, + { + "name": "FreeBSD-SA-06:25", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:25.kmem.asc" + }, + { + "name": "freebsd-fwdev-integer-overflow(30347)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30347" + }, + { + "name": "20061121 Clarifying integer overflows vs. signedness errors", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452264/100/0/threaded" + }, + { + "name": "20061122 Re: Clarifying integer overflows vs. signedness errors", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452331/100/0/threaded" + }, + { + "name": "20061120 RE: FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452124/100/0/threaded" + }, + { + "name": "[tech-security] 20061214 NetBSD Security Note 20061214-1: Kernel memory leakage in firewire interface", + "refsource": "MLIST", + "url": "http://mail-index.netbsd.org/tech-security/2006/12/14/0002.html" + }, + { + "name": "http://www.dragonflybsd.org/cvsweb/src/sys/bus/firewire/fwdev.c", + "refsource": "MISC", + "url": "http://www.dragonflybsd.org/cvsweb/src/sys/bus/firewire/fwdev.c" + }, + { + "name": "21089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21089" + }, + { + "name": "22917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22917" + }, + { + "name": "20061115 TrustedBSD* all versions FireWire IOCTL kernel integer overflow information disclousure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451698/100/0/threaded" + }, + { + "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ieee1394/fwdev.c", + "refsource": "CONFIRM", + "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/ieee1394/fwdev.c" + }, + { + "name": "20061115 DragonFlyBSD all 
versions FireWire IOCTL kernel integer overflow information disclousure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451677/100/0/threaded" + }, + { + "name": "20061115 FreeBSD all versions FireWire IOCTL kernel integer overflow information disclousure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451629/100/0/threaded" + }, + { + "name": "http://www.kernelhacking.com/bsdadv1.txt", + "refsource": "MISC", + "url": "http://www.kernelhacking.com/bsdadv1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6203.json b/2006/6xxx/CVE-2006-6203.json index 14a70cd66e3..535108bbf64 100644 --- a/2006/6xxx/CVE-2006-6203.json +++ b/2006/6xxx/CVE-2006-6203.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2852", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2852" - }, - { - "name" : "21315", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21315" - }, - { - "name" : "ADV-2006-4721", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4721" - }, - { - "name" : "23097", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23097" - }, - { - "name" : "flysprayme-startdown-directory-traversal(30497)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23097", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23097" + }, + { + "name": "flysprayme-startdown-directory-traversal(30497)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30497" + }, + { + "name": "ADV-2006-4721", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4721" + }, + { + "name": "2852", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2852" + }, + { + "name": "21315", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21315" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6692.json b/2006/6xxx/CVE-2006-6692.json index 27aad550cd2..9cdc5ba8ef1 100644 --- a/2006/6xxx/CVE-2006-6692.json +++ b/2006/6xxx/CVE-2006-6692.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/zabbix.security.patch?bug=391388;msg=5;att=1", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi/zabbix.security.patch?bug=391388;msg=5;att=1" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391388", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391388" - }, - { - "name" : "20416", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20416" - }, - { - "name" : "ADV-2006-3959", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3959" - }, - { - 
"name" : "22313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3959", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3959" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi/zabbix.security.patch?bug=391388;msg=5;att=1", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/zabbix.security.patch?bug=391388;msg=5;att=1" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391388", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391388" + }, + { + "name": "20416", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20416" + }, + { + "name": "22313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22313" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7019.json b/2006/7xxx/CVE-2006-7019.json index 349a66b969f..224c9802bc2 100644 --- a/2006/7xxx/CVE-2006-7019.json +++ b/2006/7xxx/CVE-2006-7019.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpwcms.de/forum/viewtopic.php?t=10958", - "refsource" : "MISC", - "url" : "http://www.phpwcms.de/forum/viewtopic.php?t=10958" - }, - { - "name" : "ADV-2006-1556", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1556" - }, - { - "name" : "19866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19866" - }, - { - "name" : "phpwcms-mailfileform-file-include(26126)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/26126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19866" + }, + { + "name": "ADV-2006-1556", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1556" + }, + { + "name": "http://www.phpwcms.de/forum/viewtopic.php?t=10958", + "refsource": "MISC", + "url": "http://www.phpwcms.de/forum/viewtopic.php?t=10958" + }, + { + "name": "phpwcms-mailfileform-file-include(26126)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26126" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2344.json b/2010/2xxx/CVE-2010-2344.json index c1b838bf4bb..9ae83c2823d 100644 --- a/2010/2xxx/CVE-2010-2344.json +++ b/2010/2xxx/CVE-2010-2344.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Page parameter to (1) _main/index.php, (2) _members/index.php, (3) _forum/index.php, (4) _docs/index.php, and (5) _announcements/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/146/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/146/45/" - }, - { - "name" : "40678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40678" - }, - { - "name" : "65258", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65258" - }, - { - "name" : "65259", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65259" - }, - { - "name" : "65260", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65260" - }, - { - "name" : "65261", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65261" - }, - { - "name" 
: "65262", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/65262" - }, - { - "name" : "39942", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39942" - }, - { - "name" : "odcms-page-xss(59247)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Page parameter to (1) _main/index.php, (2) _members/index.php, (3) _forum/index.php, (4) _docs/index.php, and (5) _announcements/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39942", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39942" + }, + { + "name": "65259", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65259" + }, + { + "name": "65258", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65258" + }, + { + "name": "odcms-page-xss(59247)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59247" + }, + { + "name": "65260", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65260" + }, + { + "name": "40678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40678" + }, + { + "name": "65262", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65262" + }, + { + "name": "http://holisticinfosec.org/content/view/146/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/146/45/" + }, + { + "name": "65261", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/65261" + } + ] + } +} \ No newline at end of file 
diff --git a/2010/2xxx/CVE-2010-2613.json b/2010/2xxx/CVE-2010-2613.json
index 59cd61b5f35..0aa89674849 100644
--- a/2010/2xxx/CVE-2010-2613.json
+++ b/2010/2xxx/CVE-2010-2613.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14059", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14059" - }, - { - "name" : "http://packetstormsecurity.org/1006-exploits/joomlaawdsong-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1006-exploits/joomlaawdsong-xss.txt" - }, - { - "name" : "41165", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41165" - }, - { - "name" : "jeawdsongcom-index-xss(59807)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41165", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41165" + }, + { + "name": "14059", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14059" + }, + { + "name": "jeawdsongcom-index-xss(59807)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59807" + }, + { + "name": "http://packetstormsecurity.org/1006-exploits/joomlaawdsong-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1006-exploits/joomlaawdsong-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2945.json b/2010/2xxx/CVE-2010-2945.json index 851235416ed..c4d4fc32bb9 100644 --- a/2010/2xxx/CVE-2010-2945.json +++ b/2010/2xxx/CVE-2010-2945.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100819 CVE Request: SLiM insecure PATH assignment", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/08/19/8" - }, - { - "name" : "[oss-security] 20100820 Re: CVE Request: SLiM insecure PATH assignment", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/08/20/10" - }, - { - "name" : "http://svn.berlios.de/viewvc/slim?view=revision&revision=171", - "refsource" : "CONFIRM", - "url" : "http://svn.berlios.de/viewvc/slim?view=revision&revision=171" - }, - { - "name" : "41005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41005" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100820 Re: CVE Request: SLiM insecure PATH assignment", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/20/10" + }, + { + "name": "http://svn.berlios.de/viewvc/slim?view=revision&revision=171", + "refsource": "CONFIRM", + "url": "http://svn.berlios.de/viewvc/slim?view=revision&revision=171" + }, + { + "name": "[oss-security] 20100819 CVE Request: SLiM insecure PATH assignment", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/08/19/8" + }, + { + "name": "41005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41005" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0619.json b/2011/0xxx/CVE-2011-0619.json index 5b0ff210e73..35377ded2c2 100644 --- a/2011/0xxx/CVE-2011-0619.json +++ b/2011/0xxx/CVE-2011-0619.json 
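Review bot: The only value that changes in the CVE-2010-2945.json hunk is `"ASSIGNER": "secalert@redhat.com"` (previously `cve@mitre.org`), and it is easy to miss because it arrives inside a whole-file re-indent, a switch from `" : "` to `": "` separators, a reshuffled `reference_data` array and a dropped end-of-file newline. The same pattern appears in the hunks for CVE-2011-0619 (`psirt@adobe.com`), CVE-2011-1330 (`vultures@jpcert.or.jp`), CVE-2011-1579 and CVE-2011-4951 (both `secalert@redhat.com`). I would land the formatting normalisation separately from the ASSIGNER updates. Whatever tool writes these files should also emit `reference_data` in a stable order and keep the trailing newline, so that later diffs of these records show only real data changes.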
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html" - }, - { - "name" : "SUSE-SA:2011:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:14088", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14088" - }, - { - "name" : "oval:org.mitre.oval:def:16141", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16141", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16141" + }, + { + "name": "oval:org.mitre.oval:def:14088", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14088" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-12.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" + }, + { + "name": "SUSE-SA:2011:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0918.json b/2011/0xxx/CVE-2011-0918.json index 8314a12c5a6..533e65b330f 100644 --- a/2011/0xxx/CVE-2011-0918.json +++ b/2011/0xxx/CVE-2011-0918.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21461514", - "refsource" : "MISC", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21461514" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-046/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-046/" - }, - { - "name" : "43224", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the NRouter (aka 
Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43224", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43224" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-046/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-046/" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514", + "refsource": "MISC", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1330.json b/2011/1xxx/CVE-2011-1330.json index b6e5966af4b..705afe10e20 100644 --- a/2011/1xxx/CVE-2011-1330.json +++ b/2011/1xxx/CVE-2011-1330.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-1330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kbs.co.jp/jp/tabid/254/Default.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.kbs.co.jp/jp/tabid/254/Default.aspx" - }, - { - "name" : "JVN#43386477", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN43386477/index.html" - }, - { - "name" : "JVNDB-2011-000042", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000042" - }, - { - "name" : "48338", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48338" - }, - { - "name" : "44994", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48338", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48338" + }, + { + "name": "JVN#43386477", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN43386477/index.html" + }, + { + "name": "http://www.kbs.co.jp/jp/tabid/254/Default.aspx", + "refsource": "CONFIRM", + "url": "http://www.kbs.co.jp/jp/tabid/254/Default.aspx" + }, + { + "name": "JVNDB-2011-000042", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000042" + }, + { + "name": "44994", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44994" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1579.json b/2011/1xxx/CVE-2011-1579.json index c795901ef26..3876defc046 100644 --- a/2011/1xxx/CVE-2011-1579.json +++ b/2011/1xxx/CVE-2011-1579.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \\2f\\2a and \\2a\\2f hex strings to surround CSS comments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mediawiki-announce] 20110412 MediaWiki security release 1.16.3", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html" - }, - { - "name" : "[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/13/15" - }, - { - "name" : "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856", - "refsource" : "CONFIRM", - "url" : "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=695577", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=695577" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=696360", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=696360" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=28450", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=28450" - }, - { - "name" : "DSA-2366", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2366" - }, - { - "name" : "FEDORA-2011-5495", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html" - }, - { - "name" : "FEDORA-2011-5807", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html" - }, - { - "name" : "FEDORA-2011-5812", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html" - }, - { - "name" : "FEDORA-2011-5848", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html" - }, - { - "name" : "47354", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47354" - }, - { - "name" : "44142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44142" - }, - { - "name" : "ADV-2011-0978", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0978" - }, - { - "name" : "ADV-2011-1100", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1100" - }, - { - "name" : "ADV-2011-1151", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1151" - }, - { - "name" : "mediawiki-css-data-xss(66738)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66738" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \\2f\\2a and \\2a\\2f hex strings to surround CSS comments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-5495", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28450", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28450" + }, + { + "name": "ADV-2011-0978", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0978" + }, + { + "name": "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856", + "refsource": "CONFIRM", + "url": "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/85856" + }, + { + "name": "FEDORA-2011-5807", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html" + }, + { + "name": "47354", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47354" + }, + { + "name": "44142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44142" + }, + { + "name": "FEDORA-2011-5848", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html" + }, + { + "name": "ADV-2011-1151", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1151" + }, + { + "name": "mediawiki-css-data-xss(66738)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/66738" + }, + { + "name": "DSA-2366", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2366" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=696360", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360" + }, + { + "name": "[mediawiki-announce] 20110412 MediaWiki security release 1.16.3", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000096.html" + }, + { + "name": "ADV-2011-1100", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1100" + }, + { + "name": "FEDORA-2011-5812", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=695577", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695577" + }, + { + "name": "[oss-security] 20110413 Re: CVE request: mediawiki 1.16.3", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/13/15" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1704.json b/2011/1xxx/CVE-2011-1704.json index d9dc85093af..146cc93afb0 100644 --- a/2011/1xxx/CVE-2011-1704.json +++ b/2011/1xxx/CVE-2011-1704.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110606 ZDI-11-177: Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518268/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-177/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-177/" - }, - { - "name" : "http://download.novell.com/Download?buildid=6_bNby38ERg~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=6_bNby38ERg~" - }, - { - "name" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008728", - "refsource" : "CONFIRM", - "url" : 
"http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008728" - }, - { - "name" : "48124", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48124" - }, - { - "name" : "1025606", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025606" - }, - { - "name" : "44811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44811" - }, - { - "name" : "novell-iprint-corepackage-bo(67879)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025606", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025606" + }, + { + "name": "http://download.novell.com/Download?buildid=6_bNby38ERg~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=6_bNby38ERg~" + }, + { + "name": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008728", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008728" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-177/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-177/" + }, + { + "name": "44811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44811" + }, + { + "name": "48124", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48124" + }, + { + "name": "20110606 
ZDI-11-177: Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518268/100/0/threaded" + }, + { + "name": "novell-iprint-corepackage-bo(67879)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67879" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1973.json b/2011/1xxx/CVE-2011-1973.json index aa495ce662e..dabdb7be8a9 100644 --- a/2011/1xxx/CVE-2011-1973.json +++ b/2011/1xxx/CVE-2011-1973.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1973", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-1973", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4666.json b/2011/4xxx/CVE-2011-4666.json index 493e195a23b..108dd260e23 100644 --- a/2011/4xxx/CVE-2011-4666.json +++ b/2011/4xxx/CVE-2011-4666.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4666", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4666", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4951.json b/2011/4xxx/CVE-2011-4951.json index de5e65b13ad..6e9b329153b 100644 --- a/2011/4xxx/CVE-2011-4951.json +++ b/2011/4xxx/CVE-2011-4951.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[egroupware-german] 20110805 new EGroupware SECURITY & maintenance release 1.8.001.20110805", - "refsource" : "MLIST", - "url" : "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" - }, - { - "name" : "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/29/1" - }, - { - "name" : "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/30/3" - }, - { - 
"name" : "http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html" - }, - { - "name" : "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178", - "refsource" : "MISC", - "url" : "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178" - }, - { - "name" : "http://www.egroupware.org/changelog", - "refsource" : "CONFIRM", - "url" : "http://www.egroupware.org/changelog" - }, - { - "name" : "http://www.egroupware.org/epl-changelog", - "refsource" : "CONFIRM", - "url" : "http://www.egroupware.org/epl-changelog" - }, - { - "name" : "52770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52770" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.egroupware.org/epl-changelog", + "refsource": "CONFIRM", + "url": "http://www.egroupware.org/epl-changelog" + }, + { + "name": "http://www.egroupware.org/changelog", + "refsource": "CONFIRM", + "url": "http://www.egroupware.org/changelog" + }, + { + "name": "52770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52770" + }, + { + "name": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178", + "refsource": "MISC", + "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178" + }, + { + "name": "[egroupware-german] 20110805 new EGroupware SECURITY & maintenance release 1.8.001.20110805", + "refsource": "MLIST", + "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" + }, + { + "name": "http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html" + }, + { + "name": "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" + }, + { + "name": "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5033.json b/2011/5xxx/CVE-2011-5033.json index 36b62212165..b8ee13543cd 100644 --- a/2011/5xxx/CVE-2011-5033.json +++ b/2011/5xxx/CVE-2011-5033.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18225", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18225" - }, - { - "name" : "http://forum.configserver.com/viewtopic.php?f=4&t=5008", - "refsource" : "CONFIRM", - "url" : "http://forum.configserver.com/viewtopic.php?f=4&t=5008" - }, - { - "name" : "http://www.configserver.com/free/csf/changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://www.configserver.com/free/csf/changelog.txt" - }, - { - "name" : "csf-dacsf-bo(71758)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.configserver.com/free/csf/changelog.txt", + "refsource": "CONFIRM", + "url": "http://www.configserver.com/free/csf/changelog.txt" + }, + { + "name": "csf-dacsf-bo(71758)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71758" + }, + { + "name": "18225", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18225" + }, + { + "name": "http://forum.configserver.com/viewtopic.php?f=4&t=5008", + "refsource": "CONFIRM", + "url": "http://forum.configserver.com/viewtopic.php?f=4&t=5008" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2071.json b/2014/2xxx/CVE-2014-2071.json index 02adc9971d2..ab6d9ceb859 100644 --- a/2014/2xxx/CVE-2014-2071.json +++ b/2014/2xxx/CVE-2014-2071.json 
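Review bot: The `reference_data` array of CVE-2011-5033.json is emitted in a different order although both sides hold the same four name/refsource/url entries, and the new side ends with `\ No newline at end of file` where the old side had a terminating newline. Anything that diffs or hashes these records to detect updates will report a change here even though no reference was added or removed. Writing the references in a stable order (for example sorted by `url`) and ending the file with `}` plus a newline would keep format-only commits free of content churn. The later hunks in this view (CVE-2014-2071 through CVE-2014-6258) all drop the end-of-file newline, and several of them reorder their references in the same way.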
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.arubanetworks.com/assets/alert/aid-050214.asc", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/assets/alert/aid-050214.asc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising 
independent inner and outer identities within a tunneled EAP method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.arubanetworks.com/assets/alert/aid-050214.asc", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/aid-050214.asc" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2075.json b/2014/2xxx/CVE-2014-2075.json index f575f349a04..d5fb0e5ee6a 100644 --- a/2014/2xxx/CVE-2014-2075.json +++ b/2014/2xxx/CVE-2014-2075.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/mk/advisory.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/mk/advisory.jsp" - }, - { - "name" : "http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote 
attackers to execute arbitrary commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/mk/advisory.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/mk/advisory.jsp" + }, + { + "name": "http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2791.json b/2014/2xxx/CVE-2014-2791.json index 9f00370a472..f34c14b1318 100644 --- a/2014/2xxx/CVE-2014-2791.json +++ b/2014/2xxx/CVE-2014-2791.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" - }, - { - "name" : "68376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68376" - }, - { - "name" : "1030532", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030532" - }, - { - "name" : "59775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause 
a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68376" + }, + { + "name": "MS14-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" + }, + { + "name": "59775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59775" + }, + { + "name": "1030532", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030532" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2826.json b/2014/2xxx/CVE-2014-2826.json index 3fef084f559..735089d4dde 100644 --- a/2014/2xxx/CVE-2014-2826.json +++ b/2014/2xxx/CVE-2014-2826.json 
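Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secure@microsoft.com` inside a hunk that otherwise only respaces and reorders the record, so the one semantic change is easy to miss and would be easier to audit as a separate commit. Pipelines that attribute or filter records by CNA will see this record move to a different assigner. The `affects` block still carries `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names Microsoft Internet Explorer 9; if the attribution is being corrected here, `"vendor_name": "Microsoft"` and `"product_name": "Internet Explorer"` could be filled in at the same time. The same kind of ASSIGNER change appears in the hunks for CVE-2014-2826 (`secure@microsoft.com`), CVE-2014-3037 (`psirt@us.ibm.com`) and CVE-2014-3595 (`secalert@redhat.com`).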
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2827, and CVE-2014-4063." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" - }, - { - "name" : "69122", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69122" - }, - { - "name" : "1030715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030715" - }, - { - "name" : "60670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60670" - }, - { - "name" : "ms-ie-cve20142826-code-exec(94983)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94983" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2827, and CVE-2014-4063." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ms-ie-cve20142826-code-exec(94983)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94983" + }, + { + "name": "1030715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030715" + }, + { + "name": "MS14-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" + }, + { + "name": "60670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60670" + }, + { + "name": "69122", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69122" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3037.json b/2014/3xxx/CVE-2014-3037.json index d8eb7f9c9a1..07f4f15bd77 100644 --- a/2014/3xxx/CVE-2014-3037.json +++ b/2014/3xxx/CVE-2014-3037.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682120", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682120" - }, - { - "name" : "69658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69658" - }, - { - "name" : "60649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60649" - }, - { - "name" : "61071", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61071" - 
}, - { - "name" : "ibm-vvc-cve20143037-csrf(93303)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-vvc-cve20143037-csrf(93303)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93303" + }, + { + "name": "69658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69658" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682120", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682120" + }, + { + "name": "61071", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61071" + }, + { + "name": "60649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60649" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3112.json b/2014/3xxx/CVE-2014-3112.json index d230fea9202..9603c14426d 100644 --- a/2014/3xxx/CVE-2014-3112.json +++ b/2014/3xxx/CVE-2014-3112.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3112", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3112", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3244.json b/2014/3xxx/CVE-2014-3244.json index 30e79561ce1..4509a225416 100644 --- a/2014/3xxx/CVE-2014-3244.json +++ b/2014/3xxx/CVE-2014-3244.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140618 [CVE-2014-3244]SugarCRM v6.5.16 rss dashlet LFI via XXE Attack", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/92" - }, - { - "name" : "https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294", - "refsource" : "MISC", - "url" : "https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294" - }, - { - "name" : "68102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML external entity (XXE) vulnerability in the RSSDashlet dashlet in 
SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68102" + }, + { + "name": "https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294", + "refsource": "MISC", + "url": "https://web.archive.org/web/20151105182132/http://www.pnigos.com/?p=294" + }, + { + "name": "20140618 [CVE-2014-3244]SugarCRM v6.5.16 rss dashlet LFI via XXE Attack", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/92" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3459.json b/2014/3xxx/CVE-2014-3459.json index f90ca26be7e..0dd5e541e91 100644 --- a/2014/3xxx/CVE-2014-3459.json +++ b/2014/3xxx/CVE-2014-3459.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-14-133/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-14-133/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zerodayinitiative.com/advisories/ZDI-14-133/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-14-133/" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3595.json b/2014/3xxx/CVE-2014-3595.json index 121272533a1..15bc0287dbe 100644 --- a/2014/3xxx/CVE-2014-3595.json +++ b/2014/3xxx/CVE-2014-3595.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2014:1184", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1184.html" - }, - { - "name" : "SUSE-SU-2014:1218", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00031.html" - }, - { - "name" : "SUSE-SU-2014:1339", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html" - }, - { - "name" : "61115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61115" - }, - { - "name" : "62027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62027" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62027" + }, + { + "name": "RHSA-2014:1184", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1184.html" + }, + { + "name": "SUSE-SU-2014:1218", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00031.html" + }, + { + "name": "SUSE-SU-2014:1339", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html" + }, + { + "name": "61115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61115" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6029.json b/2014/6xxx/CVE-2014-6029.json index 6c90232b6c2..cbb3f540b1d 100644 --- a/2014/6xxx/CVE-2014-6029.json +++ b/2014/6xxx/CVE-2014-6029.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140829 RE: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/08/29/5" - }, - { - "name" : "[oss-security] 20140902 Re: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/02/3" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573" - }, - { - "name" : "1030791", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573" + }, + { + "name": "[oss-security] 20140829 RE: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/08/29/5" + }, + { + "name": "1030791", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030791" + }, + { + "name": "[oss-security] 20140902 Re: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/02/3" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6258.json b/2014/6xxx/CVE-2014-6258.json index 22a4d588f5d..13cd568a521 100644 --- a/2014/6xxx/CVE-2014-6258.json +++ b/2014/6xxx/CVE-2014-6258.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka ZEN-15411." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", - "refsource" : "CONFIRM", - "url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" - }, - { - "name" : "VU#449452", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/449452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka 
ZEN-15411." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#449452", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/449452" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", + "refsource": "CONFIRM", + "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6541.json b/2014/6xxx/CVE-2014-6541.json index 38ef3c28669..2614c284bf8 100644 --- a/2014/6xxx/CVE-2014-6541.json +++ b/2014/6xxx/CVE-2014-6541.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72158" - }, - { - "name" : "1031572", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 
11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "72158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72158" + }, + { + "name": "1031572", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031572" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6928.json b/2014/6xxx/CVE-2014-6928.json index 0076da66e9b..5fafd103059 100644 --- a/2014/6xxx/CVE-2014-6928.json +++ b/2014/6xxx/CVE-2014-6928.json 
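Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert_us@oracle.com` in this hunk for CVE-2014-6541, while every other changed line differs only in the spacing before the colons, so a provenance change is buried in what otherwise reads as a formatting pass. The hunks for CVE-2014-6928, CVE-2014-7484, CVE-2014-7487 and CVE-2014-7609 do the same, with the new value `cert@cert.org`. Anything downstream that attributes, filters or trusts records by assigning CNA will see these entries move to a different source. No commit message is visible here, so if the reassignment is intentional it should be in its own commit or stated with its reason, letting an auditor tell it apart from the whitespace churn.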
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Rastreador de Celulares (aka com.mobincube.android.sc_9KTH8) application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#943121", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/943121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Rastreador de Celulares 
(aka com.mobincube.android.sc_9KTH8) application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#943121", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/943121" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7155.json b/2014/7xxx/CVE-2014-7155.json index b667c93ee45..aebf3e85866 100644 --- a/2014/7xxx/CVE-2014-7155.json +++ b/2014/7xxx/CVE-2014-7155.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-105.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-105.html" - }, - { - "name" : "http://support.citrix.com/article/CTX200218", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX200218" - }, - { - "name" : "DSA-3041", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3041" - }, - { - "name" : "FEDORA-2014-12000", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html" - }, - { - "name" : 
"FEDORA-2014-12036", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html" - }, - { - "name" : "GLSA-201412-42", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201412-42.xml" - }, - { - "name" : "openSUSE-SU-2014:1279", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:1281", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" - }, - { - "name" : "70057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70057" - }, - { - "name" : "1030888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030888" - }, - { - "name" : "61858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61858" - }, - { - "name" : "61890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:1281", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" + }, + { + "name": "FEDORA-2014-12000", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html" + }, + { + "name": "openSUSE-SU-2014:1279", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-105.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-105.html" + }, + { + "name": "http://support.citrix.com/article/CTX200218", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX200218" + }, + { + "name": "1030888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030888" + }, + { + "name": "FEDORA-2014-12036", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html" + }, + { + "name": "DSA-3041", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3041" + }, + { + "name": "61858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61858" + }, + { + "name": "61890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61890" + }, + { + "name": "GLSA-201412-42", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-42.xml" + }, + { + "name": "70057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70057" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7484.json b/2014/7xxx/CVE-2014-7484.json index 0d010b7ea1c..73bf7f59f86 100644 --- a/2014/7xxx/CVE-2014-7484.json +++ b/2014/7xxx/CVE-2014-7484.json 
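Review bot: The twelve entries of `reference_data` for CVE-2014-7155 come back in a different order that follows no visible key (not `name`, `refsource` or `url`), which forces a reviewer to compare the old and new sets by hand to confirm that no advisory link was dropped or altered. The entries do match here, but the same shuffle appears in the hunks for CVE-2014-6029, CVE-2014-6258, CVE-2014-6928, CVE-2014-7484, CVE-2014-7487, CVE-2014-7609 and CVE-2016-2856. If the writer that produced these files does not preserve input order, sorting the array on a stable key such as `url` before serialising would keep future diffs limited to real reference changes. The new side of every file also ends with `\ No newline at end of file`, where the old side had a final newline; emitting one would avoid that marker on every later edit.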
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Coca-Cola FM Guatemala (aka com.enyetech.radio.coca_cola.fm_gu) application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#608369", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/608369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Coca-Cola FM 
Guatemala (aka com.enyetech.radio.coca_cola.fm_gu) application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#608369", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/608369" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7487.json b/2014/7xxx/CVE-2014-7487.json index 03691661fdf..8c95606245b 100644 --- a/2014/7xxx/CVE-2014-7487.json +++ b/2014/7xxx/CVE-2014-7487.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ADT Aesthetic Dentistry Today (aka com.magazinecloner.aestheticdentistry) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#739137", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/739137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ADT 
Aesthetic Dentistry Today (aka com.magazinecloner.aestheticdentistry) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#739137", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/739137" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7609.json b/2014/7xxx/CVE-2014-7609.json index ccf6533b85c..4d1e23959ee 100644 --- a/2014/7xxx/CVE-2014-7609.json +++ b/2014/7xxx/CVE-2014-7609.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iStunt 2 (aka com.miniclip.istunt2) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#577217", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/577217" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iStunt 2 (aka com.miniclip.istunt2) application 
1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#577217", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/577217" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2144.json b/2016/2xxx/CVE-2016-2144.json index 4f735403e2f..229cc25865c 100644 --- a/2016/2xxx/CVE-2016-2144.json +++ b/2016/2xxx/CVE-2016-2144.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2144", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0284. Reason: This candidate is a reservation duplicate of CVE-2015-0284. Notes: All CVE users should reference CVE-2015-0284 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2144", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0284. Reason: This candidate is a reservation duplicate of CVE-2015-0284. Notes: All CVE users should reference CVE-2015-0284 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2856.json b/2016/2xxx/CVE-2016-2856.json index 3a48841e570..3c8ffa4ff79 100644 --- a/2016/2xxx/CVE-2016-2856.json +++ b/2016/2xxx/CVE-2016-2856.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160223 Access to /dev/pts devices via pt_chown and user namespaces", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/23/3" - }, - { - "name" : "[oss-security] 20160306 Re: Access to /dev/pts devices via pt_chown and user namespaces", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/03/07/2" - }, - { - "name" : "http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/", - "refsource" : "MISC", - "url" : "http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/" - }, - { - "name" : "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403", - "refsource" : "CONFIRM", - "url" : "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403" - }, - { - "name" : "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958", - "refsource" : "CONFIRM", - "url" : "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958" - }, - { - "name" : "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2856.html", - "refsource" : "CONFIRM", - "url" : "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2856.html" - }, - { - "name" : "USN-2985-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-2985-1" - }, - { - "name" : "USN-2985-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2985-2" - }, - { - "name" : "84601", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/", + "refsource": "MISC", + "url": "http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/" + }, + { + "name": "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958", + "refsource": "CONFIRM", + "url": "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958" + }, + { + "name": "[oss-security] 20160306 Re: Access to /dev/pts devices via pt_chown and user namespaces", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/03/07/2" + }, + { + "name": "84601", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84601" + }, + { + "name": "USN-2985-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2985-2" + }, + { + "name": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2856.html", + "refsource": "CONFIRM", + "url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2856.html" + }, + { + "name": "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403", + "refsource": "CONFIRM", + "url": "http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403" + }, + { + "name": "[oss-security] 20160223 Access to /dev/pts devices via pt_chown and user namespaces", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/23/3" + }, + { + "name": "USN-2985-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2985-1" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/0xxx/CVE-2017-0012.json b/2017/0xxx/CVE-2017-0012.json index 334b6da8e35..b03182d1719 100644 --- a/2017/0xxx/CVE-2017-0012.json +++ b/2017/0xxx/CVE-2017-0012.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Browsers", - "version" : { - "version_data" : [ - { - "version_value" : "Internet Explorer 11 and Microsoft Edge" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka \"Microsoft Browser Spoofing Vulnerability.\" This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Browsers", + "version": { + "version_data": [ + { + "version_value": "Internet Explorer 11 and Microsoft Edge" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0012", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0012" - }, - { - "name" : "96085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96085" - }, - { - "name" : "1038006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka \"Microsoft Browser Spoofing Vulnerability.\" This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038006" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0012", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0012" + }, + { + "name": "96085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96085" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18173.json b/2017/18xxx/CVE-2017-18173.json index 57c0b182b7c..91ccab0fc24 100644 --- a/2017/18xxx/CVE-2017-18173.json +++ b/2017/18xxx/CVE-2017-18173.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18173", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18173", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1152.json b/2017/1xxx/CVE-2017-1152.json index dcbe29a3e0f..5f308a681a2 100644 --- a/2017/1xxx/CVE-2017-1152.json +++ b/2017/1xxx/CVE-2017-1152.json 
@@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Financial Transaction Manager", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.1" - }, - { - "version_value" : "3.0.1.0" - }, - { - "version_value" : "3.0.2" - }, - { - "version_value" : "3.0.2.0" - }, - { - "version_value" : "3.0.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Transaction Manager", + "version": { + "version_data": [ + { + "version_value": "3.0.1" + }, + { + "version_value": "3.0.1.0" + }, + { + "version_value": "3.0.2" + }, + { + "version_value": "3.0.2.0" + }, + { + "version_value": "3.0.2.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22001551", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22001551" - }, - { - "name" : "99237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99237" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22001551", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22001551" + }, + { + "name": "99237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99237" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1206.json b/2017/1xxx/CVE-2017-1206.json index a85e6cb7958..2f860c5526b 100644 --- a/2017/1xxx/CVE-2017-1206.json +++ b/2017/1xxx/CVE-2017-1206.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1206", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1206", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1408.json b/2017/1xxx/CVE-2017-1408.json index 7f9cb11ef80..a990c0624b7 100644 --- a/2017/1xxx/CVE-2017-1408.json +++ b/2017/1xxx/CVE-2017-1408.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1408", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1408", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1418.json b/2017/1xxx/CVE-2017-1418.json index c0a28363ffc..ad6a840c1d9 100644 --- a/2017/1xxx/CVE-2017-1418.json +++ b/2017/1xxx/CVE-2017-1418.json 
@@ -1,110 +1,110 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-11-20T00:00:00", - "ID" : "CVE-2017-1418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Integration Bus", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.0" - }, - { - "version_value" : "10.0.0.14" - }, - { - "version_value" : "9.0.0.11" - }, - { - "version_value" : "10.0.0.0" - } - ] - } - }, - { - "product_name" : "WebSphere Message Broker", - "version" : { - "version_data" : [ - { - "version_value" : "8.0.0.0" - }, - { - "version_value" : "8.0.0.9" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "L", - "C" : "N", - "I" : "L", - "PR" : "N", - "S" : "U", - "SCORE" : "4.000", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "File Manipulation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-11-20T00:00:00", + "ID": "CVE-2017-1418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Integration Bus", + "version": { + "version_data": [ + { + "version_value": "9.0.0.0" + }, + { + "version_value": "10.0.0.14" + }, + { + "version_value": "9.0.0.11" + }, + { + "version_value": "10.0.0.0" + } + ] + } + }, + { + "product_name": "WebSphere Message Broker", + "version": { + "version_data": [ + { + "version_value": "8.0.0.0" + }, + { + "version_value": "8.0.0.9" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10735181", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10735181" - }, - { - "name" : "ibm-ibus-cve20171418-file-access(127406)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "L", + "C": "N", + "I": "L", + "PR": "N", + "S": "U", + "SCORE": "4.000", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File Manipulation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-ibus-cve20171418-file-access(127406)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127406" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10735181", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10735181" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1852.json b/2017/1xxx/CVE-2017-1852.json index 9f896892061..badf2d0f08c 100644 --- a/2017/1xxx/CVE-2017-1852.json +++ b/2017/1xxx/CVE-2017-1852.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1852", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1852", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1952.json b/2017/1xxx/CVE-2017-1952.json index 98d09c57a71..966f933fa52 100644 
--- a/2017/1xxx/CVE-2017-1952.json +++ b/2017/1xxx/CVE-2017-1952.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1952", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1952", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5198.json b/2017/5xxx/CVE-2017-5198.json index 35d4944a4ce..d4bcedeebd4 100644 --- a/2017/5xxx/CVE-2017-5198.json +++ b/2017/5xxx/CVE-2017-5198.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.0xlabs.com/2017/03/solarwinds-lem-ssh-jailbreak-and.html", - "refsource" : "MISC", - "url" : "http://blog.0xlabs.com/2017/03/solarwinds-lem-ssh-jailbreak-and.html" - }, - { - "name" : "97094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.0xlabs.com/2017/03/solarwinds-lem-ssh-jailbreak-and.html", + "refsource": "MISC", + "url": "http://blog.0xlabs.com/2017/03/solarwinds-lem-ssh-jailbreak-and.html" + }, + { + "name": "97094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97094" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5202.json b/2017/5xxx/CVE-2017-5202.json index b1bb4215776..792b78d637e 100644 --- a/2017/5xxx/CVE-2017-5202.json +++ b/2017/5xxx/CVE-2017-5202.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5496.json b/2017/5xxx/CVE-2017-5496.json index 8e8c0f0fd3b..b4d37be4a8c 100644 --- a/2017/5xxx/CVE-2017-5496.json +++ b/2017/5xxx/CVE-2017-5496.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41395", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41395/" - }, - { - "name" : "20170221 Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Feb/46" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/141177/Sawmill-Enterprise-8.7.9-Authentication-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/141177/Sawmill-Enterprise-8.7.9-Authentication-Bypass.html" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41395", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41395/" + }, + { + "name": "http://packetstormsecurity.com/files/141177/Sawmill-Enterprise-8.7.9-Authentication-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/141177/Sawmill-Enterprise-8.7.9-Authentication-Bypass.html" + }, + { + "name": "20170221 Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Feb/46" + }, + { + "name": "http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5514.json b/2017/5xxx/CVE-2017-5514.json index 10ebd3764a6..c2cd8c3b309 100644 --- a/2017/5xxx/CVE-2017-5514.json +++ b/2017/5xxx/CVE-2017-5514.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5514", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5514", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5519.json b/2017/5xxx/CVE-2017-5519.json index c4255f71ae2..51e19be6042 100644 --- a/2017/5xxx/CVE-2017-5519.json +++ b/2017/5xxx/CVE-2017-5519.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/semplon/GeniXCMS/issues/67", - "refsource" : "CONFIRM", - "url" : "https://github.com/semplon/GeniXCMS/issues/67" - }, - { - "name" : "95458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95458" + }, + { + "name": "https://github.com/semplon/GeniXCMS/issues/67", + "refsource": "CONFIRM", + "url": "https://github.com/semplon/GeniXCMS/issues/67" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5624.json b/2017/5xxx/CVE-2017-5624.json index 47a17e91404..aedf54a5305 100644 --- a/2017/5xxx/CVE-2017-5624.json +++ b/2017/5xxx/CVE-2017-5624.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disable_dm_verity' command. Having dm-verity disabled, the kernel will not verify the system partition (and any other dm-verity protected partition), which may allow for persistent code execution and privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/", - "refsource" : "MISC", - "url" : "https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. 
The attacker can persistently make the (locked) bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disable_dm_verity' command. Having dm-verity disabled, the kernel will not verify the system partition (and any other dm-verity protected partition), which may allow for persistent code execution and privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/", + "refsource": "MISC", + "url": "https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/" + } + ] + } +} \ No newline at end of file