From 61203c39dc87c88a369d802fb6b95b808f7e664e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 17 Mar 2019 22:04:15 +0000
Subject: [PATCH] "-Synchronized-Data."

---
 2006/3xxx/CVE-2006-3206.json | 130 ++++----
 2006/3xxx/CVE-2006-3350.json | 180 +++++------
 2006/3xxx/CVE-2006-3376.json | 310 +++++++++----------
 2006/3xxx/CVE-2006-3698.json | 300 +++++++++---------
 2006/4xxx/CVE-2006-4393.json | 180 +++++------
 2006/4xxx/CVE-2006-4467.json | 170 +++++------
 2006/4xxx/CVE-2006-4969.json | 330 ++++++++++----------
 2006/6xxx/CVE-2006-6091.json | 160 +++++-----
 2006/6xxx/CVE-2006-6504.json | 540 ++++++++++++++++-----------------
 2006/6xxx/CVE-2006-6755.json | 160 +++++-----
 2006/6xxx/CVE-2006-6845.json | 160 +++++-----
 2006/6xxx/CVE-2006-6860.json | 170 +++++------
 2006/6xxx/CVE-2006-6959.json | 150 ++++-----
 2006/7xxx/CVE-2006-7136.json | 150 ++++-----
 2010/2xxx/CVE-2010-2187.json | 410 ++++++++++++-------------
 2010/2xxx/CVE-2010-2803.json | 290 +++++++++---------
 2010/2xxx/CVE-2010-2924.json | 150 ++++-----
 2011/0xxx/CVE-2011-0108.json | 34 +--
 2011/0xxx/CVE-2011-0189.json | 130 ++++----
 2011/0xxx/CVE-2011-0621.json | 150 ++++-----
 2011/1xxx/CVE-2011-1124.json | 160 +++++-----
 2011/1xxx/CVE-2011-1151.json | 34 +--
 2011/1xxx/CVE-2011-1455.json | 150 ++++-----
 2011/1xxx/CVE-2011-1520.json | 170 +++++------
 2011/1xxx/CVE-2011-1713.json | 140 ++++-----
 2011/4xxx/CVE-2011-4006.json | 130 ++++----
 2011/4xxx/CVE-2011-4099.json | 140 ++++-----
 2011/4xxx/CVE-2011-4822.json | 200 ++++++------
 2014/2xxx/CVE-2014-2365.json | 120 ++++----
 2014/2xxx/CVE-2014-2672.json | 190 ++++++------
 2014/2xxx/CVE-2014-2856.json | 210 ++++++-------
 2014/3xxx/CVE-2014-3517.json | 130 ++++----
 2014/3xxx/CVE-2014-3696.json | 200 ++++++------
 2014/3xxx/CVE-2014-3776.json | 190 ++++++------
 2014/6xxx/CVE-2014-6187.json | 180 +++++------
 2014/7xxx/CVE-2014-7359.json | 140 ++++-----
 2014/7xxx/CVE-2014-7507.json | 140 ++++-----
 2014/7xxx/CVE-2014-7692.json | 140 ++++-----
 2014/7xxx/CVE-2014-7776.json | 140 ++++-----
 2014/7xxx/CVE-2014-7930.json | 230 +++++++-------
 2016/2xxx/CVE-2016-2512.json | 240 +++++++--------
 2016/2xxx/CVE-2016-2579.json | 34 +--
 2017/0xxx/CVE-2017-0224.json | 130 ++++----
 2017/18xxx/CVE-2017-18291.json | 120 ++++----
 2017/1xxx/CVE-2017-1184.json | 34 +--
 2017/1xxx/CVE-2017-1431.json | 172 +++++------
 2017/1xxx/CVE-2017-1884.json | 34 +--
 2017/5xxx/CVE-2017-5047.json | 130 ++++----
 2017/5xxx/CVE-2017-5637.json | 188 ++++++------
 2017/5xxx/CVE-2017-5794.json | 122 ++++----
 2017/5xxx/CVE-2017-5915.json | 120 ++++----
 51 files changed, 4356 insertions(+), 4356 deletions(-)

diff --git a/2006/3xxx/CVE-2006-3206.json b/2006/3xxx/CVE-2006-3206.json
index 840ad7f662c..f885f3a1df5 100644
--- a/2006/3xxx/CVE-2006-3206.json
+++ b/2006/3xxx/CVE-2006-3206.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-3206",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the \"[NR]\" sequence in the signature field, which is used to separate multiple records."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-3206",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060620 ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code)",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/437875/100/0/threaded"
- },
- {
- "name" : "1138",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/1138"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the \"[NR]\" sequence in the signature field, which is used to separate multiple records."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1138",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/1138"
+ },
+ {
+ "name": "20060620 ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code)",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/437875/100/0/threaded"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/3xxx/CVE-2006-3350.json b/2006/3xxx/CVE-2006-3350.json
index 187b268373c..9c86da2fcd5 100644
--- a/2006/3xxx/CVE-2006-3350.json
+++ b/2006/3xxx/CVE-2006-3350.json
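Review bot: The two `reference_data` entries trade places here (SREASON `1138` now precedes the BUGTRAQ post) although neither entry's content changes, and the same reshuffling recurs in the CVE-2006-3350, CVE-2006-3376, CVE-2006-3698, CVE-2006-4393 and CVE-2006-4467 hunks. Every other changed line in this hunk differs only in `" : "` versus `": "` spacing, so the reorder looks like serializer output rather than an editorial decision. Consumers should not treat position in `reference_data` as meaningful, and a stable sort key in the sync tool (for example `refsource`, then `name`) would keep later diffs limited to real changes. The file also now ends without a trailing newline (`\ No newline at end of file`); writing the closing `}` followed by a newline avoids spurious diffs from tools that append one.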
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-3350",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Stack-based buffer overflow in AutoVue SolidModel Professional Desktop Edition 19.1 Build 5993 allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) ARJ, (2) RAR, or (3) ZIP archive."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
+ "ID": "CVE-2006-3350",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060726 Secunia Research: AutoVue SolidModel Professional Buffer OverflowVulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/441173/100/0/threaded"
- },
- {
- "name" : "http://secunia.com/secunia_research/2006-56/advisory/",
- "refsource" : "MISC",
- "url" : "http://secunia.com/secunia_research/2006-56/advisory/"
- },
- {
- "name" : "19170",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/19170"
- },
- {
- "name" : "ADV-2006-2979",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/2979"
- },
- {
- "name" : "27516",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/27516"
- },
- {
- "name" : "20852",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/20852"
- },
- {
- "name" : "autovue-filename-bo(27968)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27968"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stack-based buffer overflow in AutoVue SolidModel Professional Desktop Edition 19.1 Build 5993 allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) ARJ, (2) RAR, or (3) ZIP archive."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "autovue-filename-bo(27968)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27968"
+ },
+ {
+ "name": "27516",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/27516"
+ },
+ {
+ "name": "19170",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/19170"
+ },
+ {
+ "name": "http://secunia.com/secunia_research/2006-56/advisory/",
+ "refsource": "MISC",
+ "url": "http://secunia.com/secunia_research/2006-56/advisory/"
+ },
+ {
+ "name": "20852",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/20852"
+ },
+ {
+ "name": "20060726 Secunia Research: AutoVue SolidModel Professional Buffer OverflowVulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/441173/100/0/threaded"
+ },
+ {
+ "name": "ADV-2006-2979",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/2979"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/3xxx/CVE-2006-3376.json b/2006/3xxx/CVE-2006-3376.json
index fb8afc6a9f4..5e2fe4e3056 100644
--- a/2006/3xxx/CVE-2006-3376.json
+++ b/2006/3xxx/CVE-2006-3376.json
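Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com` near the top of this hunk, and as far as the visible lines show it is the only value that changes in the file; the rest is key/colon spacing and the order of `reference_data` entries. The commit subject ("-Synchronized-Data.") gives no reason for the reassignment, so a change of the record's assigning CNA is easy to overlook inside a 92-line rewrite. Anyone who filters, attributes or trusts records by `ASSIGNER` should confirm this value against the upstream CVE record for CVE-2006-3350. Landing ownership changes like this in a commit separate from the formatting pass would make them auditable on their own.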
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060630 libwmf integer/heap overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438803/100/0/threaded" - }, - { - "name" : "DSA-1194", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2006/dsa-1194" - }, - { - "name" : "GLSA-200608-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-17.xml" - }, - { - "name" : "MDKSA-2006:132", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:132" - }, - { - "name" : "RHSA-2006:0597", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0597.html" - }, - { - 
"name" : "SUSE-SR:2006:019", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_19_sr.html" - }, - { - "name" : "USN-333-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-333-1" - }, - { - "name" : "18751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18751" - }, - { - "name" : "oval:org.mitre.oval:def:10262", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262" - }, - { - "name" : "ADV-2006-2646", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2646" - }, - { - "name" : "1016518", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016518" - }, - { - "name" : "20921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20921" - }, - { - "name" : "21064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21064" - }, - { - "name" : "21261", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21261" - }, - { - "name" : "21473", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21473" - }, - { - "name" : "21419", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21419" - }, - { - "name" : "22311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22311" - }, - { - "name" : "21459", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21459" - }, - { - "name" : "1190", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1190" - }, - { - "name" : "libwmf-wmf-bo(27516)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, 
(2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060630 libwmf integer/heap overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438803/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:10262", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10262" + }, + { + "name": "20921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20921" + }, + { + "name": "libwmf-wmf-bo(27516)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27516" + }, + { + "name": "1016518", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016518" + }, + { + "name": "21473", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21473" + }, + { + "name": "22311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22311" + }, + { + "name": "USN-333-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-333-1" + }, + { + "name": "1190", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1190" + }, + { + "name": "21459", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21459" + }, + { + "name": "18751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18751" + }, + { + "name": "SUSE-SR:2006:019", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html" + }, + { + "name": "21064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21064" + }, + { + "name": "ADV-2006-2646", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2646" + 
}, + { + "name": "DSA-1194", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2006/dsa-1194" + }, + { + "name": "21261", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21261" + }, + { + "name": "MDKSA-2006:132", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:132" + }, + { + "name": "21419", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21419" + }, + { + "name": "RHSA-2006:0597", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0597.html" + }, + { + "name": "GLSA-200608-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-17.xml" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3698.json b/2006/3xxx/CVE-2006-3698.json index 3c23a8a7623..6aa9c8a5fb9 100644 --- a/2006/3xxx/CVE-2006-3698.json +++ b/2006/3xxx/CVE-2006-3698.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB01 is related to multiple SQL injection vulnerabilities in SYS.DBMS_CDC_IMPDP using the (a) IMPORT_CHANGE_SET, (b) IMPORT_CHANGE_TABLE, (c) IMPORT_CHANGE_COLUMN, (d) IMPORT_SUBSCRIBER, (e) IMPORT_SUBSCRIBED_TABLE, (f) IMPORT_SUBSCRIBED_COLUMN, (g) VALIDATE_IMPORT, (h) VALIDATE_CHANGE_SET, (i) VALIDATE_CHANGE_TABLE, and (j) VALIDATE_SUBSCRIPTION procedures, and that DB03 is for SQL injection in the MAIN procedure for SYS.KUPW$WORKER." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060718 Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440440/100/0/threaded" - }, - { - "name" : "20060718 Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440439/100/0/threaded" - }, - { - "name" : "20060718 Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03]", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047994.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_cdc_impdp.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_cdc_impdp.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_sql_injection_kupw$worker.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_sql_injection_kupw$worker.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" - }, - { - "name" : 
"HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "TA06-200A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" - }, - { - "name" : "19054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19054" - }, - { - "name" : "ADV-2006-2863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2863" - }, - { - "name" : "ADV-2006-2947", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2947" - }, - { - "name" : "1016529", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016529" - }, - { - "name" : "21111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21111" - }, - { - "name" : "21165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21165" - }, - { - "name" : "oracle-dbmscdcimpdp-sql-injection(27889)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27889" - }, - { - "name" : "oracle-cpu-july-2006(27897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" - }, - { - "name" : "oracle-kupwworker-sql-injection(27888)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. 
NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB01 is related to multiple SQL injection vulnerabilities in SYS.DBMS_CDC_IMPDP using the (a) IMPORT_CHANGE_SET, (b) IMPORT_CHANGE_TABLE, (c) IMPORT_CHANGE_COLUMN, (d) IMPORT_SUBSCRIBER, (e) IMPORT_SUBSCRIBED_TABLE, (f) IMPORT_SUBSCRIBED_COLUMN, (g) VALIDATE_IMPORT, (h) VALIDATE_CHANGE_SET, (i) VALIDATE_CHANGE_TABLE, and (j) VALIDATE_SUBSCRIPTION procedures, and that DB03 is for SQL injection in the MAIN procedure for SYS.KUPW$WORKER." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016529", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016529" + }, + { + "name": "20060718 Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03]", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047994.html" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_cdc_impdp.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_cdc_impdp.html" + }, + { + "name": "20060718 Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440439/100/0/threaded" + }, + { + "name": "oracle-dbmscdcimpdp-sql-injection(27889)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27889" + }, + { + "name": "19054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19054" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_sql_injection_kupw$worker.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_kupw$worker.html" + }, + { + "name": "oracle-cpu-july-2006(27897)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" + }, + { + "name": "21165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21165" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "ADV-2006-2947", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2947" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "TA06-200A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" + }, + { + "name": "20060718 Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440440/100/0/threaded" + }, + { + "name": "21111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21111" + }, + { + "name": "oracle-kupwworker-sql-injection(27888)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27888" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" + }, + { + "name": "ADV-2006-2863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2863" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4393.json b/2006/4xxx/CVE-2006-4393.json index 2419fff5b83..de3bce81381 100644 --- a/2006/4xxx/CVE-2006-4393.json +++ b/2006/4xxx/CVE-2006-4393.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-09-29", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html" - }, - { - "name" : "20271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20271" - }, - { - "name" : "ADV-2006-3852", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3852" - }, - { - "name" : "29271", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29271" - }, - { - "name" : "1016959", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016959" - }, - { - "name" : "22187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22187" - }, - { - "name" : "macos-fast-user-unauthorized-access(29290)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016959", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016959" + }, + { + "name": "20271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20271" + }, + { + "name": "macos-fast-user-unauthorized-access(29290)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29290" + }, + { + "name": "22187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22187" + }, + { + "name": "ADV-2006-3852", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3852" + }, + { + "name": "APPLE-SA-2006-09-29", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html" + }, + { + "name": "29271", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29271" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4467.json b/2006/4xxx/CVE-2006-4467.json index 417c0eaca7b..5aa1afaa005 100644 --- a/2006/4xxx/CVE-2006-4467.json +++ b/2006/4xxx/CVE-2006-4467.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to perform directory traversal attacks to read arbitrary local files, lock topics, and possibly have other security impacts. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Simple Machines Forum." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060822 Simple Machines Forum <=1.1RC2 unset() vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444053/100/100/threaded" - }, - { - "name" : "http://retrogod.altervista.org/smf_11rc2_local_incl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/smf_11rc2_local_incl.html" - }, - { - "name" : "http://retrogod.altervista.org/smf_11rc2_lock.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/smf_11rc2_lock.html" - }, - { - "name" : "http://www.simplemachines.org/community/index.php?topic=107112.0", - "refsource" : "CONFIRM", - "url" : "http://www.simplemachines.org/community/index.php?topic=107112.0" - }, - { - "name" : "http://www.simplemachines.org/community/index.php?topic=107135.0", - "refsource" : "CONFIRM", - "url" : "http://www.simplemachines.org/community/index.php?topic=107135.0" - }, - { - "name" : "1475", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to perform directory traversal attacks to read 
arbitrary local files, lock topics, and possibly have other security impacts. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Simple Machines Forum." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.simplemachines.org/community/index.php?topic=107112.0", + "refsource": "CONFIRM", + "url": "http://www.simplemachines.org/community/index.php?topic=107112.0" + }, + { + "name": "1475", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1475" + }, + { + "name": "http://retrogod.altervista.org/smf_11rc2_lock.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/smf_11rc2_lock.html" + }, + { + "name": "20060822 Simple Machines Forum <=1.1RC2 unset() vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444053/100/100/threaded" + }, + { + "name": "http://retrogod.altervista.org/smf_11rc2_local_incl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/smf_11rc2_local_incl.html" + }, + { + "name": "http://www.simplemachines.org/community/index.php?topic=107135.0", + "refsource": "CONFIRM", + "url": "http://www.simplemachines.org/community/index.php?topic=107135.0" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4969.json b/2006/4xxx/CVE-2006-4969.json index 09baf185cf0..18851c042b9 100644 --- a/2006/4xxx/CVE-2006-4969.json +++ b/2006/4xxx/CVE-2006-4969.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2393", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2393" - }, - { - "name" : "20099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20099" - }, - { - "name" : "ADV-2006-3798", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3798" - }, - { - "name" : "29198", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29198" - }, - { - "name" : "29199", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29199" - }, - { - "name" : "29200", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29200" - }, - { - "name" : "29201", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29201" - }, - { - "name" : "29202", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29202" - }, - { - "name" : "29203", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29203" - }, - { - "name" : "29204", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29204" - }, - { - "name" : "29205", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29205" - }, - { - "name" : "29206", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29206" - }, - { - "name" : "29207", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29207" - }, - { - "name" : "29208", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29208" - }, - { - "name" : "29209", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29209" - }, - { - "name" : "29210", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29210" - }, - { - "name" : "29211", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29211" - }, - { - "name" : "29212", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29212" - }, - { - "name" : "29213", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29213" - }, - { - "name" : "29214", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29214" - }, - { - "name" : "22131", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22131" - }, - { - "name" : "piecartpro-incdir-file-include(29023)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29198", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29198" + }, + { + "name": "29211", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29211" + }, + { + "name": "29210", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29210" + }, + { + "name": "29206", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29206" + }, + { + "name": "29199", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29199" + }, + { + "name": "2393", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2393" + }, + { + "name": "29200", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29200" + }, + { + "name": "29208", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29208" + }, + { + "name": "29202", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29202" + }, + { + "name": "29201", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29201" + }, + { + "name": "29203", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29203" + }, + { + "name": "ADV-2006-3798", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3798" + }, + { + "name": "29212", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29212" + }, + { + "name": "29214", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29214" + }, + { + "name": "20099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20099" + }, + { + "name": "29209", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29209" + }, + { + "name": "piecartpro-incdir-file-include(29023)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29023" + }, + { + "name": "29205", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29205" + }, + { + "name": "29204", + "refsource": "OSVDB", + "url": 
"http://www.osvdb.org/29204" + }, + { + "name": "29207", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29207" + }, + { + "name": "29213", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29213" + }, + { + "name": "22131", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22131" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6091.json b/2006/6xxx/CVE-2006-6091.json index 7955be30fb2..ccea97e576c 100644 --- a/2006/6xxx/CVE-2006-6091.json +++ b/2006/6xxx/CVE-2006-6091.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=465519&group_id=182536", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=465519&group_id=182536" - }, - { - "name" : "21243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21243" - }, - { - "name" : "ADV-2006-4666", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4666" - }, - { - "name" : "23065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23065" - }, - { - "name" : "grimbb-unspecified-xss(30469)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23065" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=465519&group_id=182536", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=465519&group_id=182536" + }, + { + "name": "ADV-2006-4666", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4666" + }, + { + "name": "21243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21243" + }, + { + "name": "grimbb-unspecified-xss(30469)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30469" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6504.json b/2006/6xxx/CVE-2006-6504.json index a4f4c6dad0f..e58c80755e6 100644 --- a/2006/6xxx/CVE-2006-6504.json +++ b/2006/6xxx/CVE-2006-6504.json 
@@ -1,272 +1,272 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-6504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061220 ZDI-06-051: Mozilla Firefox SVG Processing Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454939/100/0/threaded" - }, - { - "name" : "20070102 rPSA-2006-0234-2 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455728/100/200/threaded" - }, - { - "name" : "20061222 rPSA-2006-0234-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455145/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-051.html", - "refsource" : "MISC", - "url" : 
"http://www.zerodayinitiative.com/advisories/ZDI-06-051.html" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-73.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-73.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-883", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-883" - }, - { - "name" : "FEDORA-2006-1491", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2297" - }, - { - "name" : "FEDORA-2007-004", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2338" - }, - { - "name" : "GLSA-200701-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200701-02.xml" - }, - { - "name" : "GLSA-200701-04", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "MDKSA-2007:010", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:010" - }, - { - "name" : "RHSA-2006:0758", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0758.html" - }, - { - "name" : "RHSA-2006:0759", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0759.html" - }, - { - "name" : "RHSA-2006:0760", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0760.html" - }, - { - "name" : "20061202-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc" - }, - { - "name" : "SUSE-SA:2006:080", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html" - }, - { - 
"name" : "SUSE-SA:2007:006", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html" - }, - { - "name" : "USN-398-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-398-1" - }, - { - "name" : "USN-398-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-398-2" - }, - { - "name" : "TA06-354A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-354A.html" - }, - { - "name" : "VU#928956", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/928956" - }, - { - "name" : "21668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21668" - }, - { - "name" : "oval:org.mitre.oval:def:11077", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077" - }, - { - "name" : "ADV-2006-5068", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5068" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1017417", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017417" - }, - { - "name" : "1017418", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017418" - }, - { - "name" : "23433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23433" - }, - { - "name" : "23439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23439" - }, - { - "name" : "23440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23440" - }, - { - "name" : "23282", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23282" - }, - { - "name" : "23422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23422" - }, - { - "name" : "23468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23468" - }, - { - "name" : "23514", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/23514" - }, - { - "name" : "23589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23589" - }, - { - "name" : "23601", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23601" - }, - { - "name" : "23545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23545" - }, - { - "name" : "23614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23614" - }, - { - "name" : "23618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23618" - }, - { - "name" : "23692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23692" - }, - { - "name" : "23672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21668" + }, + { + "name": "23433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23433" + }, + { + "name": "MDKSA-2007:010", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:010" + }, + { + "name": "23439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23439" + }, + { + "name": "23672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23672" + }, + { + "name": "ADV-2006-5068", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5068" + }, + { + "name": "23468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23468" + }, + { + "name": "RHSA-2006:0758", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html" + }, + { + "name": "1017417", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017417" + }, + { + "name": "23692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23692" + }, + { + "name": "USN-398-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-398-2" + }, + { + "name": "GLSA-200701-04", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml" + }, + { + "name": "23282", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23282" + }, + { + "name": "FEDORA-2006-1491", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2297" + }, + { + "name": "23422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23422" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": 
"http://www.mozilla.org/security/announce/2006/mfsa2006-73.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-73.html" + }, + { + "name": "23614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23614" + }, + { + "name": "RHSA-2006:0759", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html" + }, + { + "name": "oval:org.mitre.oval:def:11077", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077" + }, + { + "name": "USN-398-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-398-1" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-051.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-051.html" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "FEDORA-2007-004", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2338" + }, + { + "name": "20061202-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc" + }, + { + "name": "23440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23440" + }, + { + "name": "SUSE-SA:2006:080", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html" + }, + { + "name": "20061222 rPSA-2006-0234-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded" + }, + { + "name": "23545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23545" + }, + { + "name": "23618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23618" + }, + { + "name": "1017418", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017418" + }, + { + "name": "TA06-354A", + "refsource": "CERT", + "url": 
"http://www.us-cert.gov/cas/techalerts/TA06-354A.html" + }, + { + "name": "20061220 ZDI-06-051: Mozilla Firefox SVG Processing Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454939/100/0/threaded" + }, + { + "name": "23589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23589" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "VU#928956", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/928956" + }, + { + "name": "https://issues.rpath.com/browse/RPL-883", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-883" + }, + { + "name": "20070102 rPSA-2006-0234-2 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded" + }, + { + "name": "SUSE-SA:2007:006", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html" + }, + { + "name": "23601", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23601" + }, + { + "name": "23514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23514" + }, + { + "name": "GLSA-200701-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml" + }, + { + "name": "RHSA-2006:0760", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6755.json b/2006/6xxx/CVE-2006-6755.json index f854235c390..5c69b695553 100644 --- a/2006/6xxx/CVE-2006-6755.json +++ b/2006/6xxx/CVE-2006-6755.json 
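Review bot: The `CVE_data_meta` block of CVE-2006-6504 carries a real data change that is easy to miss: `"ASSIGNER"` goes from `cve@mitre.org` to `secalert@redhat.com`, while the rest of this hunk appears to be only colon spacing and a reshuffle of `reference_data`. The commit subject ("-Synchronized-Data.") does not mention a reassignment, so anyone auditing CNA attribution has to find it inside a 272-line rewrite of the record. I would put it in its own commit, or at least name it in the description, e.g. `CVE-2006-6504: ASSIGNER cve@mitre.org -> secalert@redhat.com`. The new side also ends with `\ No newline at end of file` where the old side did not; keeping the trailing newline and a stable reference order would stop later syncs from burying changes like this one.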
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061221 Ixprim CMS 1.2 Remote Blind SQL Injection Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455084/100/0/threaded" - }, - { - "name" : "http://acid-root.new.fr/poc/16061221.txt", - "refsource" : "MISC", - "url" : "http://acid-root.new.fr/poc/16061221.txt" - }, - { - "name" : "2975", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2975" - }, - { - "name" : "2073", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2073" - }, - { - "name" : "ixprim-ixprim-path-disclosure(31144)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061221 Ixprim CMS 1.2 Remote Blind SQL Injection Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455084/100/0/threaded" + }, + { + "name": "2975", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2975" + }, + { + "name": "http://acid-root.new.fr/poc/16061221.txt", + "refsource": "MISC", + "url": "http://acid-root.new.fr/poc/16061221.txt" + }, + { + "name": "2073", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2073" + }, + { + "name": "ixprim-ixprim-path-disclosure(31144)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31144" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6845.json b/2006/6xxx/CVE-2006-6845.json index 9ddf2f0b5f4..8b7fb5bddac 100644 --- a/2006/6xxx/CVE-2006-6845.json +++ b/2006/6xxx/CVE-2006-6845.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061228 Re: XSS - CMS Made Simple v1.0.2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455417/100/0/threaded" - }, - { - "name" : "21527", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21527" - }, - { - "name" : "ADV-2007-0027", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0027" - }, - { - "name" : "32571", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32571" - }, - { - "name" : "23582", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061228 Re: XSS - CMS Made Simple v1.0.2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455417/100/0/threaded" + }, + { + "name": "ADV-2007-0027", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0027" + }, + { + "name": "21527", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21527" + }, + { + "name": "23582", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23582" + }, + { + "name": "32571", + "refsource": "OSVDB", + "url": "http://osvdb.org/32571" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6860.json b/2006/6xxx/CVE-2006-6860.json index aabec2ca185..290cb7d2917 100644 --- a/2006/6xxx/CVE-2006-6860.json +++ b/2006/6xxx/CVE-2006-6860.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061230 MythControl (MythTV remote control) arbitrary code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455548/100/0/threaded" - }, - { - "name" : "21839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21839" - }, - { - "name" : "ADV-2007-0024", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0024" - }, - { - "name" : "1017460", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017460" - }, - { - "name" : "23607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23607" - }, - { - "name" : "2096", - 
"refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21839" + }, + { + "name": "ADV-2007-0024", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0024" + }, + { + "name": "2096", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2096" + }, + { + "name": "1017460", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017460" + }, + { + "name": "23607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23607" + }, + { + "name": "20061230 MythControl (MythTV remote control) arbitrary code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455548/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6959.json b/2006/6xxx/CVE-2006-6959.json index 59aa68bd0ea..08e18238d58 100644 --- a/2006/6xxx/CVE-2006-6959.json +++ b/2006/6xxx/CVE-2006-6959.json 
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-6959",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the \"Startup-Shield\" security restrictions by modifying certain registry keys."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-6959",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060620 Multiple Bypass and Integrity Lost Vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/437814/100/200/threaded"
- },
- {
- "name" : "http://www.sentinel.gr/advisories/SGA-0001.txt",
- "refsource" : "MISC",
- "url" : "http://www.sentinel.gr/advisories/SGA-0001.txt"
- },
- {
- "name" : "27535",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/27535"
- },
- {
- "name" : "spy-sweeper-registry-security-bypass(27264)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27264"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the \"Startup-Shield\" security restrictions by modifying certain registry keys."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "spy-sweeper-registry-security-bypass(27264)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27264"
+ },
+ {
+ "name": "20060620 Multiple Bypass and Integrity Lost Vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/437814/100/200/threaded"
+ },
+ {
+ "name": "27535",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/27535"
+ },
+ {
+ "name": "http://www.sentinel.gr/advisories/SGA-0001.txt",
+ "refsource": "MISC",
+ "url": "http://www.sentinel.gr/advisories/SGA-0001.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/7xxx/CVE-2006-7136.json b/2006/7xxx/CVE-2006-7136.json
index 816840845db..58d4f122170 100644
--- a/2006/7xxx/CVE-2006-7136.json
+++ b/2006/7xxx/CVE-2006-7136.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-7136",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator (phpPC) 1.04 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter to (1) poll.php, (2) poll_kommentar.php, and (3) poll_sm.php, different vectors and version than CVE-2005-1755."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-7136",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "2827",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/2827"
- },
- {
- "name" : "21245",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/21245"
- },
- {
- "name" : "15510",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/15510"
- },
- {
- "name" : "phppc-functions-file-include(29393)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29393"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator (phpPC) 1.04 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter to (1) poll.php, (2) poll_kommentar.php, and (3) poll_sm.php, different vectors and version than CVE-2005-1755."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "15510",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/15510"
+ },
+ {
+ "name": "phppc-functions-file-include(29393)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29393"
+ },
+ {
+ "name": "21245",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/21245"
+ },
+ {
+ "name": "2827",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/2827"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/2xxx/CVE-2010-2187.json b/2010/2xxx/CVE-2010-2187.json
index 1128743e187..74e31c5356b 100644
--- a/2010/2xxx/CVE-2010-2187.json
+++ b/2010/2xxx/CVE-2010-2187.json
@@ -1,207 +1,207 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-2187",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2010-2187",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
- },
- {
- "name" : "http://support.apple.com/kb/HT4435",
- "refsource" : "CONFIRM",
- "url" : "http://support.apple.com/kb/HT4435"
- },
- {
- "name" : "APPLE-SA-2010-11-10-1",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
- },
- {
- "name" : "GLSA-201101-09",
- "refsource" : "GENTOO",
- "url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml"
- },
- {
- "name" : "HPSBMA02547",
- "refsource" : "HP",
- "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
- },
- {
- "name" : "SSRT100179",
- "refsource" : "HP",
- "url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
- },
- {
- "name" : "RHSA-2010:0464",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
- },
- {
- "name" : "RHSA-2010:0470",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
- },
- {
- "name" : "SUSE-SA:2010:024",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
- },
- {
- "name" : "SUSE-SR:2010:013",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
- },
- {
- "name" : "TLSA-2010-19",
- "refsource" : "TURBO",
- "url" : "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
- },
- {
- "name" : "TA10-162A",
- "refsource" : "CERT",
- "url" : "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
- },
- {
- "name" : "40759",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/40759"
- },
- {
- "name" : "40797",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/40797"
- },
- {
- "name" : "oval:org.mitre.oval:def:7266",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7266"
- },
- {
- "name" : "oval:org.mitre.oval:def:16056",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16056"
- },
- {
- "name" : "1024085",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1024085"
- },
- {
- "name" : "1024086",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1024086"
- },
- {
- "name" : "40144",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/40144"
- },
- {
- "name" : "40545",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/40545"
- },
- {
- "name" : "43026",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/43026"
- },
- {
- "name" : "ADV-2010-1453",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2010/1453"
- },
- {
- "name" : "ADV-2010-1421",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2010/1421"
- },
- {
- "name" : "ADV-2010-1432",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2010/1432"
- },
- {
- "name" : "ADV-2010-1434",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2010/1434"
- },
- {
- "name" : "ADV-2010-1482",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2010/1482"
- },
- {
- "name" : "ADV-2010-1522",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2010/1522"
- },
- {
- "name" : "ADV-2010-1793",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2010/1793"
- },
- {
- "name" : "ADV-2011-0192",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2011/0192"
- },
- {
- "name" : "adobe-fpair-unspec-code-exec(59336)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59336"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "ADV-2011-0192",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2011/0192"
+ },
+ {
+ "name": "ADV-2010-1421",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2010/1421"
+ },
+ {
+ "name": "http://support.apple.com/kb/HT4435",
+ "refsource": "CONFIRM",
+ "url": "http://support.apple.com/kb/HT4435"
+ },
+ {
+ "name": "40545",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/40545"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:16056",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16056"
+ },
+ {
+ "name": "RHSA-2010:0464",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
+ },
+ {
+ "name": "ADV-2010-1793",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2010/1793"
+ },
+ {
+ "name": "40797",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/40797"
+ },
+ {
+ "name": "43026",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/43026"
+ },
+ {
+ "name": "ADV-2010-1432",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2010/1432"
+ },
+ {
+ "name": "GLSA-201101-09",
+ "refsource": "GENTOO",
+ "url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
+ },
+ {
+ "name": "TA10-162A",
+ "refsource": "CERT",
+ "url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
+ },
+ {
+ "name": "APPLE-SA-2010-11-10-1",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
+ },
+ {
+ "name": "40759",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/40759"
+ },
+ {
+ "name": "1024085",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1024085"
+ },
+ {
+ "name": "SUSE-SR:2010:013",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
+ },
+ {
+ "name": "1024086",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1024086"
+ },
+ {
+ "name": "ADV-2010-1434",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2010/1434"
+ },
+ {
+ "name": "TLSA-2010-19",
+ "refsource": "TURBO",
+ "url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
+ },
+ {
+ "name": "SSRT100179",
+ "refsource": "HP",
+ "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
+ },
+ {
+ "name": "SUSE-SA:2010:024",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
+ },
+ {
+ "name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
+ },
+ {
+ "name": "40144",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/40144"
+ },
+ {
+ "name": "RHSA-2010:0470",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
+ },
+ {
+ "name": "adobe-fpair-unspec-code-exec(59336)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59336"
+ },
+ {
+ "name": "ADV-2010-1482",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2010/1482"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:7266",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7266"
+ },
+ {
+ "name": "HPSBMA02547",
+ "refsource": "HP",
+ "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
+ },
+ {
+ "name": "ADV-2010-1522",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2010/1522"
+ },
+ {
+ "name": "ADV-2010-1453",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2010/1453"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/2xxx/CVE-2010-2803.json b/2010/2xxx/CVE-2010-2803.json
index b20178b7bfc..c3007e2219d 100644
--- a/2010/2xxx/CVE-2010-2803.json
+++ b/2010/2xxx/CVE-2010-2803.json
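Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `psirt@adobe.com` in a hunk where every other line differs only in colon spacing or in the position of a reference, and the commit subject `"-Synchronized-Data."` does not mention it. ASSIGNER is the record's provenance field, so anything that attributes or filters records by it will see this entry move with nothing in the history to explain why. The same kind of change sits in the hunks for CVE-2010-2803 (`secalert@redhat.com`), CVE-2011-0189 (`product-security@apple.com`) and CVE-2011-0621 (`psirt@adobe.com`). I would land the reassignment separately from the reformatting, or at least name it in the description, e.g. `Reassign ASSIGNER for CVE-2010-2187, CVE-2010-2803, CVE-2011-0189, CVE-2011-0621`.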
@@ -1,147 +1,147 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-2803",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2010-2803",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commit;h=1b2f1489633888d4a06028315dc19d65768a1c05",
- "refsource" : "CONFIRM",
- "url" : "http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commit;h=1b2f1489633888d4a06028315dc19d65768a1c05"
- },
- {
- "name" : "http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commit;h=b9f0aee83335db1f3915f4e42a5e21b351740afd",
- "refsource" : "CONFIRM",
- "url" : "http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commit;h=b9f0aee83335db1f3915f4e42a5e21b351740afd"
- },
- {
- "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9f0aee83335db1f3915f4e42a5e21b351740afd",
- "refsource" : "CONFIRM",
- "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9f0aee83335db1f3915f4e42a5e21b351740afd"
- },
- {
- "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53",
- "refsource" : "CONFIRM",
- "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53"
- },
- {
- "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21",
- "refsource" : "CONFIRM",
- "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21"
- },
- {
- "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6",
- "refsource" : "CONFIRM",
- "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6"
- },
- {
- "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4",
- "refsource" : "CONFIRM",
- "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=621435",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=621435"
- },
- {
- "name" : "DSA-2094",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2010/dsa-2094"
- },
- {
- "name" : "MDVSA-2010:198",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
- },
- {
- "name" : "RHSA-2010:0842",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2010-0842.html"
- },
- {
- "name" : "SUSE-SA:2010:041",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"
- },
- {
- "name" : "SUSE-SA:2010:040",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
- },
- {
- "name" : "SUSE-SA:2010:054",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
- },
- {
- "name" : "SUSE-SA:2011:007",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
- },
- {
- "name" : "41512",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/41512"
- },
- {
- "name" : "ADV-2010-2430",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2010/2430"
- },
- {
- "name" : "ADV-2011-0298",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2011/0298"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9f0aee83335db1f3915f4e42a5e21b351740afd",
+ "refsource": "CONFIRM",
+ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9f0aee83335db1f3915f4e42a5e21b351740afd"
+ },
+ {
+ "name": "SUSE-SA:2010:041",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"
+ },
+ {
+ "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6",
+ "refsource": "CONFIRM",
+ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6"
+ },
+ {
+ "name": "MDVSA-2010:198",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
+ },
+ {
+ "name": "SUSE-SA:2010:040",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
+ },
+ {
+ "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53",
+ "refsource": "CONFIRM",
+ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53"
+ },
+ {
+ "name": "ADV-2010-2430",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2010/2430"
+ },
+ {
+ "name": "SUSE-SA:2011:007",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
+ },
+ {
+ "name": "RHSA-2010:0842",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html"
+ },
+ {
+ "name": "ADV-2011-0298",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2011/0298"
+ },
+ {
+ "name": "http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commit;h=1b2f1489633888d4a06028315dc19d65768a1c05",
+ "refsource": "CONFIRM",
+ "url": "http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commit;h=1b2f1489633888d4a06028315dc19d65768a1c05"
+ },
+ {
+ "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4",
+ "refsource": "CONFIRM",
+ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4"
+ },
+ {
+ "name": "DSA-2094",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2010/dsa-2094"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=621435",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=621435"
+ },
+ {
+ "name": "http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commit;h=b9f0aee83335db1f3915f4e42a5e21b351740afd",
+ "refsource": "CONFIRM",
+ "url": "http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commit;h=b9f0aee83335db1f3915f4e42a5e21b351740afd"
+ },
+ {
+ "name": "SUSE-SA:2010:054",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
+ },
+ {
+ "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21",
+ "refsource": "CONFIRM",
+ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21"
+ },
+ {
+ "name": "41512",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/41512"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/2xxx/CVE-2010-2924.json b/2010/2xxx/CVE-2010-2924.json
index d09e145eccc..ea8dd757850 100644
--- a/2010/2xxx/CVE-2010-2924.json
+++ b/2010/2xxx/CVE-2010-2924.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-2924",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2010-2924",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "14441",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/14441"
- },
- {
- "name" : "66566",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/66566"
- },
- {
- "name" : "40692",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/40692"
- },
- {
- "name" : "mylinksdump-myldlinker-sql-injection(60591)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60591"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "14441",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/14441"
+ },
+ {
+ "name": "40692",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/40692"
+ },
+ {
+ "name": "mylinksdump-myldlinker-sql-injection(60591)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60591"
+ },
+ {
+ "name": "66566",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/66566"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/0xxx/CVE-2011-0108.json b/2011/0xxx/CVE-2011-0108.json
index a2a966664d8..9c7ee5ac32a 100644
--- a/2011/0xxx/CVE-2011-0108.json
+++ b/2011/0xxx/CVE-2011-0108.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-0108",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2011-0108",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/0xxx/CVE-2011-0189.json b/2011/0xxx/CVE-2011-0189.json
index 8eb682621b7..7eccb570e60 100644
--- a/2011/0xxx/CVE-2011-0189.json
+++ b/2011/0xxx/CVE-2011-0189.json
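Review bot: The members of this record are written in a different order from the other records visible in the patch: the new side opens with `"data_type": "CVE",` and puts `"ID"` before `"ASSIGNER"`, while the neighbouring files keep `"CVE_data_meta"` first with `"ASSIGNER"`, `"ID"`, `"STATE"`. Member order carries no meaning in JSON, so nothing breaks for a conforming parser, but it looks as if this record went through a different writer (an inference; the tooling is not shown), and an unstable order produces full-file diffs like this one on every sync. Anything that hashes or signs these records should canonicalise them first rather than trust the byte layout. I would keep one order across the repository, here `"CVE_data_meta": {` first, followed by `"ASSIGNER": "cve@mitre.org",`.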
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-0189",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2011-0189",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://support.apple.com/kb/HT4581",
- "refsource" : "CONFIRM",
- "url" : "http://support.apple.com/kb/HT4581"
- },
- {
- "name" : "APPLE-SA-2011-03-21-1",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "APPLE-SA-2011-03-21-1",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
+ },
+ {
+ "name": "http://support.apple.com/kb/HT4581",
+ "refsource": "CONFIRM",
+ "url": "http://support.apple.com/kb/HT4581"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/0xxx/CVE-2011-0621.json b/2011/0xxx/CVE-2011-0621.json
index 3d17d13394f..8ec9849871d 100644
--- a/2011/0xxx/CVE-2011-0621.json
+++ b/2011/0xxx/CVE-2011-0621.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0622." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html" - }, - { - "name" : "SUSE-SA:2011:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:14160", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14160" - }, - { - "name" : "oval:org.mitre.oval:def:15739", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0622." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15739", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15739" + }, + { + "name": "oval:org.mitre.oval:def:14160", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14160" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-12.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" + }, + { + "name": "SUSE-SA:2011:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1124.json b/2011/1xxx/CVE-2011-1124.json index 46d3691ed3a..4b5bfc6a2aa 100644 --- a/2011/1xxx/CVE-2011-1124.json +++ b/2011/1xxx/CVE-2011-1124.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to blocked plug-ins." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=72437", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=72437" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" - }, - { - "name" : "46614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46614" - }, - { - "name" : "oval:org.mitre.oval:def:14563", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14563" - }, - { - "name" : "google-chrome-plugins-code-execution(65742)", 
- "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to blocked plug-ins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46614" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=72437", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=72437" + }, + { + "name": "google-chrome-plugins-code-execution(65742)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65742" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" + }, + { + "name": "oval:org.mitre.oval:def:14563", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14563" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1151.json b/2011/1xxx/CVE-2011-1151.json index 8c15908d841..3193407de89 100644 --- a/2011/1xxx/CVE-2011-1151.json +++ b/2011/1xxx/CVE-2011-1151.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1151", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1151", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1455.json b/2011/1xxx/CVE-2011-1455.json index 1105f3be6b3..e73f6260246 100644 --- a/2011/1xxx/CVE-2011-1455.json +++ b/2011/1xxx/CVE-2011-1455.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 11.0.696.57 does not properly handle PDF documents with multipart encoding, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=79361", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=79361" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14136", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14136" - }, - { - "name" : "chrome-pdf-code-execution(67161)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67161" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 11.0.696.57 does not properly handle PDF documents with multipart encoding, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14136", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14136" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" + }, + { + "name": "chrome-pdf-code-execution(67161)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67161" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=79361", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=79361" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1520.json b/2011/1xxx/CVE-2011-1520.json index 22ae0408ffa..b9e679cc5df 100644 --- a/2011/1xxx/CVE-2011-1520.json +++ b/2011/1xxx/CVE-2011-1520.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110322 ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517119/100/0/threaded" - }, - { - "name" : "http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html", - "refsource" : "MISC", - "url" : "http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html" - }, - { - "name" : 
"http://www.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/2e73cbb2141acefa85256b8700688cea/0c50e423038555d085256c1d003a31f0?OpenDocument", - "refsource" : "MISC", - "url" : "http://www.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/2e73cbb2141acefa85256b8700688cea/0c50e423038555d085256c1d003a31f0?OpenDocument" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-110", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-110" - }, - { - "name" : "http://www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password", - "refsource" : "CONFIRM", - "url" : "http://www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password" - }, - { - "name" : "8164", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-110", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-110" + }, + { + "name": "http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html", + "refsource": "MISC", + "url": "http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html" + }, + { + "name": "http://www.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/2e73cbb2141acefa85256b8700688cea/0c50e423038555d085256c1d003a31f0?OpenDocument", + "refsource": "MISC", + "url": "http://www.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/2e73cbb2141acefa85256b8700688cea/0c50e423038555d085256c1d003a31f0?OpenDocument" + }, + { + "name": "20110322 ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517119/100/0/threaded" + }, + { + "name": "8164", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8164" + }, + { + "name": "http://www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password", + "refsource": "CONFIRM", + "url": "http://www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1713.json b/2011/1xxx/CVE-2011-1713.json index 68b5251af4a..78ff582c392 100644 --- a/2011/1xxx/CVE-2011-1713.json +++ b/2011/1xxx/CVE-2011-1713.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html" - }, - { - "name" : "oval:org.mitre.oval:def:12693", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12693" - }, - { - "name" : "ms-msxml-info-disclosure(66835)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12693", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12693" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html" + }, + { + "name": "ms-msxml-info-disclosure(66835)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66835" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4006.json b/2011/4xxx/CVE-2011-4006.json index 8aae125cd4f..5d6f37d52c4 100644 --- a/2011/4xxx/CVE-2011-4006.json +++ b/2011/4xxx/CVE-2011-4006.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-4006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/web/software/283878312/88166/ASA-851-Interim-Release-Notes.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/web/software/283878312/88166/ASA-851-Interim-Release-Notes.html" - }, - { - "name" : "1027008", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service 
(CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027008", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027008" + }, + { + "name": "http://www.cisco.com/web/software/283878312/88166/ASA-851-Interim-Release-Notes.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/web/software/283878312/88166/ASA-851-Interim-Release-Notes.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4099.json b/2011/4xxx/CVE-2011-4099.json index 00062f1485c..f99a2ac6077 100644 --- a/2011/4xxx/CVE-2011-4099.json +++ b/2011/4xxx/CVE-2011-4099.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=722694", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=722694" - }, - { - "name" : "https://sites.google.com/site/fullycapable/release-notes-for-libcap/releasenotesfor222", - "refsource" : "CONFIRM", - "url" : "https://sites.google.com/site/fullycapable/release-notes-for-libcap/releasenotesfor222" - }, - { - "name" : "RHSA-2011:1694", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1694.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The capsh program in libcap before 
2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=722694", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722694" + }, + { + "name": "https://sites.google.com/site/fullycapable/release-notes-for-libcap/releasenotesfor222", + "refsource": "CONFIRM", + "url": "https://sites.google.com/site/fullycapable/release-notes-for-libcap/releasenotesfor222" + }, + { + "name": "RHSA-2011:1694", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1694.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4822.json b/2011/4xxx/CVE-2011-4822.json index eefad7c0c30..a4bca58f5d6 100644 --- a/2011/4xxx/CVE-2011-4822.json +++ b/2011/4xxx/CVE-2011-4822.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user profile display name, which is not properly handled in a FishEye page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2011-11-22", - "refsource" : "CONFIRM", - "url" : "http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2011-11-22" - }, - { - "name" : "https://jira.atlassian.com/browse/FE-3797", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/FE-3797" - }, - { - "name" : "https://jira.atlassian.com/browse/FE-3798", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/FE-3798" - }, - { - "name" : "50762", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/50762" - }, - { - "name" : "77263", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77263" - }, - { - "name" : "77264", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77264" - }, - { - "name" : "46975", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46975" - }, - { - "name" : "fisheye-comment-xss(71427)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71427" - }, - { - "name" : "fisheye-display-name-xss(71426)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user profile display name, which is not properly handled in a FishEye page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fisheye-display-name-xss(71426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71426" + }, + { + "name": "https://jira.atlassian.com/browse/FE-3797", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/FE-3797" + }, + { + "name": "fisheye-comment-xss(71427)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71427" + }, + { + "name": "https://jira.atlassian.com/browse/FE-3798", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/FE-3798" + }, + { + "name": "77264", + "refsource": "OSVDB", + "url": "http://osvdb.org/77264" + }, + { + "name": "http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2011-11-22", + "refsource": "CONFIRM", + "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2011-11-22" + }, + { + "name": "46975", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46975" + }, + { + "name": "50762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50762" + }, + { + "name": "77263", + "refsource": "OSVDB", + "url": "http://osvdb.org/77263" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2365.json b/2014/2xxx/CVE-2014-2365.json index 116dc83bee6..06717e50931 100644 --- a/2014/2xxx/CVE-2014-2365.json +++ b/2014/2xxx/CVE-2014-2365.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-2365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2672.json b/2014/2xxx/CVE-2014-2672.json index 66a8a692e78..d82d7b37b18 100644 --- a/2014/2xxx/CVE-2014-2672.json +++ b/2014/2xxx/CVE-2014-2672.json 
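Review bot: The only data change in this hunk, `"ASSIGNER": "ics-cert@hq.dhs.gov"` replacing `cve@mitre.org`, is buried in a whole-file rewrite, because the same commit also changes `"key" : value` to `"key": value` and re-indents every line. ASSIGNER is a provenance field, so a change to it should be reviewable on its own; landing the formatting pass as a separate commit would leave this as a one-line diff. The same applies to the CVE-2014-3517 and CVE-2014-3696 hunks (`secalert@redhat.com`), CVE-2014-6187 (`psirt@us.ibm.com`), and CVE-2014-7359 and CVE-2014-7507 (`cert@cert.org`). The new side of every file in view also ends with `\ No newline at end of file` where the old side had a trailing newline; the serializer should emit a final newline after the closing `}`.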
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140330 Re: CVE request: Linux Kernel, two security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/30/5" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21f8aaee0c62708654988ce092838aa7df4d25d8", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21f8aaee0c62708654988ce092838aa7df4d25d8" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7" - }, - { - 
"name" : "https://bugzilla.kernel.org/show_bug.cgi?id=70551", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=70551" - }, - { - "name" : "https://github.com/torvalds/linux/commit/21f8aaee0c62708654988ce092838aa7df4d25d8", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/21f8aaee0c62708654988ce092838aa7df4d25d8" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15" - }, - { - "name" : "66492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66492" - }, - { - "name" : "57468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=70551", + "refsource": "CONFIRM", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=70551" + }, + { + "name": "https://github.com/torvalds/linux/commit/21f8aaee0c62708654988ce092838aa7df4d25d8", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/21f8aaee0c62708654988ce092838aa7df4d25d8" + }, + { + "name": "[oss-security] 20140330 Re: CVE request: Linux Kernel, two security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/30/5" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21f8aaee0c62708654988ce092838aa7df4d25d8", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21f8aaee0c62708654988ce092838aa7df4d25d8" + }, + { + "name": "66492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66492" + }, + { + "name": "57468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57468" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2856.json b/2014/2xxx/CVE-2014-2856.json index d8917936b1e..16fef4a0322 100644 --- a/2014/2xxx/CVE-2014-2856.json +++ b/2014/2xxx/CVE-2014-2856.json 
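Review bot: The `reference_data` array in this hunk is reordered although no entry is added, removed or edited: the same eight name/refsource/url triples appear on both sides, and ASSIGNER stays `cve@mitre.org`. The new order follows neither `refsource` nor `name`, so it looks like an artifact of the export tooling rather than a deliberate choice (inferred, since the generator is not visible here). Consumers that diff or hash these records to detect updated advisories will treat the record as changed when nothing has changed. Emitting the entries in a deterministic order, for example sorted by `refsource` and then `name`, would keep later syncs free of this churn. The CVE-2014-2856, CVE-2014-3696, CVE-2014-3776, CVE-2014-6187, CVE-2014-7359 and CVE-2014-7507 hunks show the same reordering.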
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140414 CVE request: cross-site scripting issue fixed in CUPS 1.7.2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/04/14/2" - }, - { - "name" : "[oss-security] 20140415 Re: CVE request: cross-site scripting issue fixed in CUPS 1.7.2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/04/15/3" - }, - { - "name" : "http://www.cups.org/documentation.php/relnotes.html", - "refsource" : "CONFIRM", - "url" : "http://www.cups.org/documentation.php/relnotes.html" - }, - { - "name" : "http://www.cups.org/str.php?L4356", - "refsource" : "CONFIRM", - "url" : "http://www.cups.org/str.php?L4356" - }, - { - 
"name" : "http://advisories.mageia.org/MGASA-2014-0193.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0193.html" - }, - { - "name" : "MDVSA-2015:108", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:108" - }, - { - "name" : "RHSA-2014:1388", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1388.html" - }, - { - "name" : "USN-2172-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2172-1" - }, - { - "name" : "66788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66788" - }, - { - "name" : "57880", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57880", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57880" + }, + { + "name": "66788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66788" + }, + { + "name": "USN-2172-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2172-1" + }, + { + "name": "[oss-security] 20140414 CVE request: cross-site scripting issue fixed in CUPS 1.7.2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/04/14/2" + }, + { + "name": "RHSA-2014:1388", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1388.html" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0193.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0193.html" + }, + { + "name": "http://www.cups.org/documentation.php/relnotes.html", + "refsource": "CONFIRM", + "url": "http://www.cups.org/documentation.php/relnotes.html" + }, + { + "name": "http://www.cups.org/str.php?L4356", + "refsource": "CONFIRM", + "url": "http://www.cups.org/str.php?L4356" + }, + { + "name": "[oss-security] 20140415 Re: CVE request: cross-site scripting issue fixed in CUPS 1.7.2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/04/15/3" + }, + { + "name": "MDVSA-2015:108", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:108" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3517.json b/2014/3xxx/CVE-2014-3517.json index 4cd3c3c1fa9..b6ccfd427ee 100644 --- a/2014/3xxx/CVE-2014-3517.json +++ b/2014/3xxx/CVE-2014-3517.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140717 [OSSA 2014-024] Use of non-constant time comparison operation (CVE-2014-3517)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/17/2" - }, - { - "name" : "https://bugs.launchpad.net/nova/+bug/1325128", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/nova/+bug/1325128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "api/metadata/handler.py in OpenStack Compute (Nova) before 
2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140717 [OSSA 2014-024] Use of non-constant time comparison operation (CVE-2014-3517)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/17/2" + }, + { + "name": "https://bugs.launchpad.net/nova/+bug/1325128", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/nova/+bug/1325128" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3696.json b/2014/3xxx/CVE-2014-3696.json index 97b25cb9547..476f3a21fc7 100644 --- a/2014/3xxx/CVE-2014-3696.json +++ b/2014/3xxx/CVE-2014-3696.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.pidgin.im/pidgin/main/rev/44fd89158777", - "refsource" : "CONFIRM", - "url" : "http://hg.pidgin.im/pidgin/main/rev/44fd89158777" - }, - { - "name" : "http://pidgin.im/news/security/?id=88", - "refsource" : "CONFIRM", - "url" : "http://pidgin.im/news/security/?id=88" - }, - { - "name" : "DSA-3055", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3055" - }, - { - "name" : "RHSA-2017:1854", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1854" - }, - { - "name" : "openSUSE-SU-2014:1376", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" - }, - { - "name" : 
"openSUSE-SU-2014:1397", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" - }, - { - "name" : "USN-2390-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2390-1" - }, - { - "name" : "60741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60741" - }, - { - "name" : "61968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pidgin.im/news/security/?id=88", + "refsource": "CONFIRM", + "url": "http://pidgin.im/news/security/?id=88" + }, + { + "name": "http://hg.pidgin.im/pidgin/main/rev/44fd89158777", + "refsource": "CONFIRM", + "url": "http://hg.pidgin.im/pidgin/main/rev/44fd89158777" + }, + { + "name": "RHSA-2017:1854", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1854" + }, + { + "name": "USN-2390-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2390-1" + }, + { + "name": "openSUSE-SU-2014:1376", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html" + }, + { + "name": "60741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60741" + }, + { + "name": "DSA-3055", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3055" + }, + { + "name": "openSUSE-SU-2014:1397", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html" + }, + { + "name": "61968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61968" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3776.json b/2014/3xxx/CVE-2014-3776.json index b90e4c29fca..eb9c3c0d193 100644 --- a/2014/3xxx/CVE-2014-3776.json +++ b/2014/3xxx/CVE-2014-3776.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the \"read-u8vector!\" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a \"#f\" value in the NUM argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Chicken-hackers] 20140517 [PATCH] Bound read-u8vector! 
to dest vector's size when no length is given", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/chicken-hackers/2014-05/msg00032.html" - }, - { - "name" : "[chicken-announce] 20140518 [SECURITY] Buffer-overrun in some uses of read-u8vect", - "refsource" : "MLIST", - "url" : "http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html" - }, - { - "name" : "[oss-security] 20140518 CVE request for buffer overrun in CHICKEN Scheme", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q2/328" - }, - { - "name" : "[oss-security] 20140519 Re: CVE request for buffer overrun in CHICKEN Scheme", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q2/334" - }, - { - "name" : "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e", - "refsource" : "CONFIRM", - "url" : "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e" - }, - { - "name" : "https://bugs.call-cc.org/ticket/1124", - "refsource" : "CONFIRM", - "url" : "https://bugs.call-cc.org/ticket/1124" - }, - { - "name" : "GLSA-201612-54", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-54" - }, - { - "name" : "67468", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the \"read-u8vector!\" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a \"#f\" value in the NUM argument." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67468" + }, + { + "name": "[Chicken-hackers] 20140517 [PATCH] Bound read-u8vector! to dest vector's size when no length is given", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/chicken-hackers/2014-05/msg00032.html" + }, + { + "name": "https://bugs.call-cc.org/ticket/1124", + "refsource": "CONFIRM", + "url": "https://bugs.call-cc.org/ticket/1124" + }, + { + "name": "[oss-security] 20140519 Re: CVE request for buffer overrun in CHICKEN Scheme", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q2/334" + }, + { + "name": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e", + "refsource": "CONFIRM", + "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e" + }, + { + "name": "GLSA-201612-54", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-54" + }, + { + "name": "[oss-security] 20140518 CVE request for buffer overrun in CHICKEN Scheme", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q2/328" + }, + { + "name": "[chicken-announce] 20140518 [SECURITY] Buffer-overrun in some uses of read-u8vect", + "refsource": "MLIST", + "url": "http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6187.json b/2014/6xxx/CVE-2014-6187.json index 829ab65e5fc..4391edb587f 100644 --- a/2014/6xxx/CVE-2014-6187.json +++ b/2014/6xxx/CVE-2014-6187.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21693379", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21693379" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21693381", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21693381" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21693384", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21693384" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21693387", - "refsource" : "CONFIRM", - "url" : 
"http://www.ibm.com/support/docview.wss?uid=swg21693387" - }, - { - "name" : "IV26727", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26727" - }, - { - "name" : "71906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71906" - }, - { - "name" : "ibm-wsrr-cve20146187-csrf(98553)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-wsrr-cve20146187-csrf(98553)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98553" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21693384", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21693384" + }, + { + "name": "71906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71906" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21693379", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21693379" + }, + { + "name": "IV26727", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26727" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21693381", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21693381" + }, + { + "name": 
"http://www.ibm.com/support/docview.wss?uid=swg21693387", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21693387" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7359.json b/2014/7xxx/CVE-2014-7359.json index dab072a91a6..590a05ca618 100644 --- a/2014/7xxx/CVE-2014-7359.json +++ b/2014/7xxx/CVE-2014-7359.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MAPA DA MINA (aka com.wMAPADAMINA) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#587249", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/587249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MAPA DA MINA (aka com.wMAPADAMINA) application 0.1 
for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#587249", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/587249" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7507.json b/2014/7xxx/CVE-2014-7507.json index 2ea5896d7fd..4157019aa09 100644 --- a/2014/7xxx/CVE-2014-7507.json +++ b/2014/7xxx/CVE-2014-7507.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Hector Leal (aka ad.hector.leal.com) application 13/08/14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#510337", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/510337" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hector Leal (aka ad.hector.leal.com) 
application 13/08/14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#510337", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/510337" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7692.json b/2014/7xxx/CVE-2014-7692.json index 6c1d4319c44..6659d2afaf3 100644 --- a/2014/7xxx/CVE-2014-7692.json +++ b/2014/7xxx/CVE-2014-7692.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Lent Experience (aka com.wLentExperience) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#911793", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/911793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Lent Experience (aka com.wLentExperience) 
application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#911793", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/911793" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7776.json b/2014/7xxx/CVE-2014-7776.json index cd569f8805a..7a2ed9b6322 100644 --- a/2014/7xxx/CVE-2014-7776.json +++ b/2014/7xxx/CVE-2014-7776.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Kavita KS (aka com.snaplion.kavitaks) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#852217", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/852217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Kavita KS (aka com.snaplion.kavitaks) application 
2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#852217", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/852217" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7930.json b/2014/7xxx/CVE-2014-7930.json index 0ecabb194ee..5af82792ed6 100644 --- a/2014/7xxx/CVE-2014-7930.json +++ b/2014/7xxx/CVE-2014-7930.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of TreeScope data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=442806", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=442806" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=187435&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=187435&view=revision" - }, - { - "name" : 
"GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - }, - { - "name" : "RHSA-2015:0093", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html" - }, - { - "name" : "openSUSE-SU-2015:0441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" - }, - { - "name" : "USN-2476-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2476-1" - }, - { - "name" : "72288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72288" - }, - { - "name" : "1031623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031623" - }, - { - "name" : "62575", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62575" - }, - { - "name" : "62383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62383" - }, - { - "name" : "62665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of TreeScope data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62665" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "62575", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62575" + }, + { + "name": "USN-2476-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2476-1" + }, + { + "name": "72288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72288" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=442806", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=442806" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=187435&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=187435&view=revision" + }, + { + "name": "1031623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031623" + }, + { + "name": "openSUSE-SU-2015:0441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" + }, + { + "name": "RHSA-2015:0093", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html" + }, + { + "name": "62383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62383" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2512.json b/2016/2xxx/CVE-2016-2512.json index ced5bcf44ca..3a15e6b9059 100644 --- a/2016/2xxx/CVE-2016-2512.json +++ b/2016/2xxx/CVE-2016-2512.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\\@attacker.com." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0", - "refsource" : "CONFIRM", - "url" : "https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0" - }, - { - "name" : "https://www.djangoproject.com/weblog/2016/mar/01/security-releases/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2016/mar/01/security-releases/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "DSA-3544", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3544" - }, - { - "name" : "RHSA-2016:0504", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0504.html" - }, - { - "name" : "RHSA-2016:0502", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0502.html" - }, - { - "name" : "RHSA-2016:0505", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0505.html" - }, - { - "name" : "RHSA-2016:0506", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0506.html" - }, - { - "name" : "USN-2915-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2915-1" - }, - { - "name" : "USN-2915-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2915-2" - }, - { - "name" : "USN-2915-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2915-3" - }, - { - "name" : "83879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/83879" - }, - { - "name" : "1035152", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\\@attacker.com." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2016:0506", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0506.html" + }, + { + "name": "1035152", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035152" + }, + { + "name": "83879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83879" + }, + { + "name": "RHSA-2016:0504", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0504.html" + }, + { + "name": "DSA-3544", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3544" + }, + { + "name": "RHSA-2016:0502", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0502.html" + }, + { + "name": "USN-2915-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2915-3" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "USN-2915-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2915-2" + }, + { + "name": "RHSA-2016:0505", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0505.html" + }, + { + "name": "USN-2915-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2915-1" + }, + { + "name": "https://www.djangoproject.com/weblog/2016/mar/01/security-releases/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2016/mar/01/security-releases/" + }, + { + "name": "https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0", + "refsource": "CONFIRM", + "url": "https://github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0" + } + ] + } +} \ No newline at end of file 
diff --git a/2016/2xxx/CVE-2016-2579.json b/2016/2xxx/CVE-2016-2579.json index 8ecb950804f..e59787ac8fc 100644 --- a/2016/2xxx/CVE-2016-2579.json +++ b/2016/2xxx/CVE-2016-2579.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2579", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2579", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0224.json b/2017/0xxx/CVE-2017-0224.json index 36f2a8f9d9f..b32927a8767 100644 --- a/2017/0xxx/CVE-2017-0224.json +++ b/2017/0xxx/CVE-2017-0224.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0224", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0224" - }, - { - "name" : "98214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0224", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0224" + }, + { + "name": "98214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98214" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18291.json b/2017/18xxx/CVE-2017-18291.json index d8c2843de89..b8b4f1552bd 100644 --- a/2017/18xxx/CVE-2017-18291.json +++ b/2017/18xxx/CVE-2017-18291.json 
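Review bot: `version_value` on the new side still holds a platform sentence (`Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems.`) rather than a Microsoft Edge version, so tooling that matches on the `affects` block cannot tell which builds are covered. The value is the same on the old side, so the sync leaves this gap in place rather than introducing it. The CVE-2017-5047 hunk has the same problem: `"vendor_name": "n/a"`, with `product_name` and `version_value` both set to the full `Google Chrome prior to 57.0.2987.98 …` string. Until the CNAs supply structured values, consumers should treat `affects` in these records as free text and take the affected range from the description and the CONFIRM reference.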
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities/", + "refsource": "MISC", + "url": "https://rchase.com/blog/posts/pvpgn-stats-multiple-sql-injection-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1184.json b/2017/1xxx/CVE-2017-1184.json index b9f1f41e84c..22ff8fab9a6 100644 --- a/2017/1xxx/CVE-2017-1184.json +++ b/2017/1xxx/CVE-2017-1184.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1184", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1184", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1431.json b/2017/1xxx/CVE-2017-1431.json index 2f6ae56a653..a0a37eaf70a 100644 --- a/2017/1xxx/CVE-2017-1431.json +++ b/2017/1xxx/CVE-2017-1431.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-1431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Streams", - "version" : { - "version_data" : [ - { - "version_value" : "4.0" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.1" - }, - { - "version_value" : "4.1.1" - }, - { - "version_value" : "4.2" - }, - { - "version_value" : "4.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127632." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-1431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Streams", + "version": { + "version_data": [ + { + "version_value": "4.0" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.1" + }, + { + "version_value": "4.1.1" + }, + { + "version_value": "4.2" + }, + { + "version_value": "4.2.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127632", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127632" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006827", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006827" - }, - { - "name" : "100253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127632." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100253" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127632", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127632" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006827", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006827" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1884.json b/2017/1xxx/CVE-2017-1884.json index 19d92dc0971..38fddff087b 100644 --- a/2017/1xxx/CVE-2017-1884.json +++ b/2017/1xxx/CVE-2017-1884.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1884", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1884", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5047.json b/2017/5xxx/CVE-2017-5047.json index 076d4328ed5..736ff877c68 100644 --- a/2017/5xxx/CVE-2017-5047.json +++ b/2017/5xxx/CVE-2017-5047.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@google.com",
- "ID" : "CVE-2017-5047",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "integer overflow"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@google.com",
+ "ID": "CVE-2017-5047",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html",
- "refsource" : "CONFIRM",
- "url" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
- },
- {
- "name" : "https://crbug.com/679653",
- "refsource" : "CONFIRM",
- "url" : "https://crbug.com/679653"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "integer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html",
+ "refsource": "CONFIRM",
+ "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
+ },
+ {
+ "name": "https://crbug.com/679653",
+ "refsource": "CONFIRM",
+ "url": "https://crbug.com/679653"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5637.json b/2017/5xxx/CVE-2017-5637.json
index 9c6fc9d6ec5..c0f9509223d 100644
--- a/2017/5xxx/CVE-2017-5637.json
+++ b/2017/5xxx/CVE-2017-5637.json
@@ -1,96 +1,96 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@apache.org",
- "DATE_PUBLIC" : "2017-10-09T00:00:00",
- "ID" : "CVE-2017-5637",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Apache ZooKeeper",
- "version" : {
- "version_data" : [
- {
- "version_value" : "3.4.0 to 3.4.9"
- },
- {
- "version_value" : "3.5.0 to 3.5.2"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Apache Software Foundation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Two four letter word commands \"wchp/wchc\" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "DOS"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "DATE_PUBLIC": "2017-10-09T00:00:00",
+ "ID": "CVE-2017-5637",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache ZooKeeper",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.4.0 to 3.4.9"
+ },
+ {
+ "version_value": "3.5.0 to 3.5.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apache Software Foundation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[dev] 20171009 [SECURITY] CVE-2017-5637: DOS attack on wchp/wchc four letter words (4lw)",
- "refsource" : "MLIST",
- "url" : "https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E"
- },
- {
- "name" : "https://issues.apache.org/jira/browse/ZOOKEEPER-2693",
- "refsource" : "CONFIRM",
- "url" : "https://issues.apache.org/jira/browse/ZOOKEEPER-2693"
- },
- {
- "name" : "DSA-3871",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2017/dsa-3871"
- },
- {
- "name" : "RHSA-2017:3354",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:3354"
- },
- {
- "name" : "RHSA-2017:3355",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:3355"
- },
- {
- "name" : "RHSA-2017:2477",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:2477"
- },
- {
- "name" : "98814",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/98814"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Two four letter word commands \"wchp/wchc\" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DOS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[dev] 20171009 [SECURITY] CVE-2017-5637: DOS attack on wchp/wchc four letter words (4lw)",
+ "refsource": "MLIST",
+ "url": "https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E"
+ },
+ {
+ "name": "https://issues.apache.org/jira/browse/ZOOKEEPER-2693",
+ "refsource": "CONFIRM",
+ "url": "https://issues.apache.org/jira/browse/ZOOKEEPER-2693"
+ },
+ {
+ "name": "98814",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/98814"
+ },
+ {
+ "name": "RHSA-2017:3355",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3355"
+ },
+ {
+ "name": "RHSA-2017:3354",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:3354"
+ },
+ {
+ "name": "RHSA-2017:2477",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2477"
+ },
+ {
+ "name": "DSA-3871",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2017/dsa-3871"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5794.json b/2017/5xxx/CVE-2017-5794.json
index 80fc6bf0750..a2776395d09 100644
--- a/2017/5xxx/CVE-2017-5794.json
+++ b/2017/5xxx/CVE-2017-5794.json
@@ -1,63 +1,63 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security-alert@hpe.com",
- "DATE_PUBLIC" : "2017-03-08T00:00:00",
- "ID" : "CVE-2017-5794",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Intelligent Management Center (IMC) PLAT",
- "version" : {
- "version_data" : [
- {
- "version_value" : "PLAT 7.2 E0403P06"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Hewlett Packard Enterprise"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A Remote Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Remote Arbitrary File Download"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security-alert@hpe.com",
+ "DATE_PUBLIC": "2017-03-08T00:00:00",
+ "ID": "CVE-2017-5794",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intelligent Management Center (IMC) PLAT",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "PLAT 7.2 E0403P06"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Hewlett Packard Enterprise"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03715en_us",
- "refsource" : "CONFIRM",
- "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03715en_us"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A Remote Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Arbitrary File Download"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03715en_us",
+ "refsource": "CONFIRM",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03715en_us"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5915.json b/2017/5xxx/CVE-2017-5915.json
index 2e7c47d5ba7..0c4c26ff82d 100644
--- a/2017/5xxx/CVE-2017-5915.json
+++ b/2017/5xxx/CVE-2017-5915.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5915",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5915",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
- "refsource" : "MISC",
- "url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
+ "refsource": "MISC",
+ "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
+ }
+ ]
+ }
+}
\ No newline at end of file