From 62fb420298fd4f7336aab4a2361eb55c091fead0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:35:23 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0794.json | 150 +++++++++---------- 2006/3xxx/CVE-2006-3129.json | 170 ++++++++++----------- 2006/3xxx/CVE-2006-3418.json | 150 +++++++++---------- 2006/3xxx/CVE-2006-3953.json | 140 +++++++++--------- 2006/4xxx/CVE-2006-4325.json | 180 +++++++++++------------ 2006/4xxx/CVE-2006-4672.json | 180 +++++++++++------------ 2006/6xxx/CVE-2006-6076.json | 260 ++++++++++++++++----------------- 2006/6xxx/CVE-2006-6672.json | 120 +++++++-------- 2006/6xxx/CVE-2006-6767.json | 190 ++++++++++++------------ 2006/7xxx/CVE-2006-7123.json | 160 ++++++++++---------- 2010/2xxx/CVE-2010-2404.json | 130 ++++++++--------- 2010/2xxx/CVE-2010-2440.json | 150 +++++++++---------- 2010/2xxx/CVE-2010-2674.json | 160 ++++++++++---------- 2010/2xxx/CVE-2010-2839.json | 130 ++++++++--------- 2010/2xxx/CVE-2010-2918.json | 160 ++++++++++---------- 2011/0xxx/CVE-2011-0059.json | 190 ++++++++++++------------ 2011/0xxx/CVE-2011-0310.json | 180 +++++++++++------------ 2011/0xxx/CVE-2011-0319.json | 130 ++++++++--------- 2011/0xxx/CVE-2011-0774.json | 140 +++++++++--------- 2011/1xxx/CVE-2011-1108.json | 160 ++++++++++---------- 2011/1xxx/CVE-2011-1285.json | 170 ++++++++++----------- 2011/1xxx/CVE-2011-1463.json | 34 ++--- 2011/4xxx/CVE-2011-4518.json | 130 ++++++++--------- 2011/4xxx/CVE-2011-4820.json | 34 ++--- 2014/2xxx/CVE-2014-2348.json | 34 ++--- 2014/2xxx/CVE-2014-2724.json | 34 ++--- 2014/3xxx/CVE-2014-3090.json | 150 +++++++++---------- 2014/3xxx/CVE-2014-3683.json | 210 +++++++++++++------------- 2014/3xxx/CVE-2014-3891.json | 140 +++++++++--------- 2014/6xxx/CVE-2014-6152.json | 160 ++++++++++---------- 2014/6xxx/CVE-2014-6223.json | 34 ++--- 2014/6xxx/CVE-2014-6569.json | 120 +++++++-------- 2014/6xxx/CVE-2014-6629.json | 34 ++--- 2014/7xxx/CVE-2014-7203.json | 200 ++++++++++++------------- 2014/7xxx/CVE-2014-7394.json | 140 +++++++++--------- 2014/7xxx/CVE-2014-7549.json | 34 ++--- 2014/7xxx/CVE-2014-7579.json | 34 ++--- 2014/7xxx/CVE-2014-7647.json | 140 +++++++++--------- 2016/2xxx/CVE-2016-2968.json | 120 +++++++-------- 2017/0xxx/CVE-2017-0828.json | 122 ++++++++-------- 2017/18xxx/CVE-2017-18165.json | 34 ++--- 2017/18xxx/CVE-2017-18310.json | 130 ++++++++--------- 2017/1xxx/CVE-2017-1121.json | 158 ++++++++++---------- 2017/1xxx/CVE-2017-1790.json | 180 +++++++++++------------ 2017/5xxx/CVE-2017-5310.json | 34 ++--- 2017/5xxx/CVE-2017-5353.json | 34 ++--- 2017/5xxx/CVE-2017-5720.json | 34 ++--- 2017/5xxx/CVE-2017-5722.json | 132 ++++++++--------- 48 files changed, 3020 insertions(+), 3020 deletions(-) diff --git a/2006/0xxx/CVE-2006-0794.json b/2006/0xxx/CVE-2006-0794.json index 00a3e485583..9b9880a42cb 100644 --- a/2006/0xxx/CVE-2006-0794.json +++ b/2006/0xxx/CVE-2006-0794.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "help.php in V-webmail 1.6.2 allows remote attackers to obtain the installation path via unspecified invalid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-0639", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0639" - }, - { - "name" : "23262", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23262" - }, - { - "name" : "18776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18776" - }, - { - "name" : "vwebmail-help-path-disclosure(24754)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "help.php in V-webmail 1.6.2 allows remote attackers to obtain the installation path via unspecified invalid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vwebmail-help-path-disclosure(24754)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24754" + }, + { + "name": "18776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18776" + }, + { + "name": "23262", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23262" + }, + { + "name": "ADV-2006-0639", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0639" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3129.json b/2006/3xxx/CVE-2006-3129.json index 2d458d9f56d..2b1754e8781 100644 --- a/2006/3xxx/CVE-2006-3129.json +++ b/2006/3xxx/CVE-2006-3129.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18546" - }, - { - "name" : "ADV-2006-2438", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2438" - }, - { - "name" : "http://pridels0.blogspot.com/2006/06/nc-linklist-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/nc-linklist-xss-vuln.html" - }, - { - "name" : "26675", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26675" - }, - { - "name" : "20691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20691" - }, - { - "name" : "nclinklist-index-xss(27248)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2438", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2438" + }, + { + "name": "nclinklist-index-xss(27248)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27248" + }, + { + "name": "18546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18546" + }, + { + "name": "20691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20691" + }, + { + "name": "26675", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26675" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/nc-linklist-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/nc-linklist-xss-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3418.json b/2006/3xxx/CVE-2006-3418.json index 4fde1423d6e..6de86550f61 100644 --- a/2006/3xxx/CVE-2006-3418.json +++ b/2006/3xxx/CVE-2006-3418.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tor.eff.org/cvs/tor/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://tor.eff.org/cvs/tor/ChangeLog" - }, - { - "name" : "GLSA-200606-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200606-04.xml" - }, - { - "name" : "25881", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25881" - }, - { - "name" : "20514", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20514" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25881", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25881" + }, + { + "name": "20514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20514" + }, + { + "name": "GLSA-200606-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200606-04.xml" + }, + { + "name": "http://tor.eff.org/cvs/tor/ChangeLog", + "refsource": "CONFIRM", + "url": "http://tor.eff.org/cvs/tor/ChangeLog" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3953.json b/2006/3xxx/CVE-2006-3953.json index f9050412bd3..6e0e2135fea 100644 --- a/2006/3xxx/CVE-2006-3953.json +++ b/2006/3xxx/CVE-2006-3953.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441534/100/0/threaded" - }, - { - "name" : "19193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19193" - }, - { - "name" : "1319", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded" + }, + { + "name": "19193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19193" + }, + { + "name": "1319", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1319" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4325.json b/2006/4xxx/CVE-2006-4325.json index 985387429a8..8cc4fa76630 100644 --- a/2006/4xxx/CVE-2006-4325.json +++ b/2006/4xxx/CVE-2006-4325.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbook 2.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060912 [eVuln] Doika guestbook 'page' XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445903/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/134/description.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/134/description.html" - }, - { - "name" : "19656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19656" - }, - { - "name" : "ADV-2006-3342", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3342" - }, - { - "name" : "28068", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28068" - }, - { - "name" : "21549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21549" - }, - { - "name" : "doikaguestbook-gbook-xss(28503)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbook 2.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3342", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3342" + }, + { + "name": "20060912 [eVuln] Doika guestbook 'page' XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445903/100/0/threaded" + }, + { + "name": "21549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21549" + }, + { + "name": "28068", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28068" + }, + { + "name": "http://evuln.com/vulns/134/description.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/134/description.html" + }, + { + "name": "doikaguestbook-gbook-xss(28503)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28503" + }, + { + "name": "19656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19656" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4672.json b/2006/4xxx/CVE-2006-4672.json index 471437204bd..fca9893f142 100644 --- a/2006/4xxx/CVE-2006-4672.json +++ b/2006/4xxx/CVE-2006-4672.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, possibly a component of PayProCart, allows remote attackers to execute arbitrary PHP code via a URL in the (1) proMod parameter to (a) index.php, or the (2) docroot parameter to (b) index.php or (c) mainpage.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060910 PayProCart <= 1146078425 Multiple Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445748/100/0/threaded" - }, - { - "name" : "20060914 ppalCart V(2.5 EE) Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446076/100/0/threaded" - }, - { - "name" : "2316", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2316" - }, - { - "name" : "19881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19881" - }, - { - "name" : "ADV-2006-3557", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3557" - }, - { - "name" : "21868", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21868" - }, - { - "name" : "ppalcart-index-file-include(28781)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, possibly a component of PayProCart, allows remote attackers to execute arbitrary PHP code via a URL in the (1) proMod parameter to (a) index.php, or the (2) docroot parameter to (b) index.php or (c) mainpage.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3557", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3557" + }, + { + "name": "20060914 ppalCart V(2.5 EE) Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446076/100/0/threaded" + }, + { + "name": "19881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19881" + }, + { + "name": "ppalcart-index-file-include(28781)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28781" + }, + { + "name": "21868", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21868" + }, + { + "name": "20060910 PayProCart <= 1146078425 Multiple Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445748/100/0/threaded" + }, + { + "name": "2316", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2316" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6076.json b/2006/6xxx/CVE-2006-6076.json index db32d2f881d..4ea22b8efe9 100644 --- a/2006/6xxx/CVE-2006-6076.json +++ b/2006/6xxx/CVE-2006-6076.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061121 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452222/100/0/threaded" - }, - { - "name" : "20061122 RE: LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452318/100/0/threaded" - }, - { - "name" : "20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/456711" - }, - { - "name" : "20061121 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050808.html" - }, - { - "name" : "20061122 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050814.html" - }, - { - "name" : "http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp", - "refsource" : "CONFIRM", - "url" : "http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp" - }, - { - "name" : "http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317", - "refsource" : "CONFIRM", - "url" : "http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317" - }, - { - "name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34817", - "refsource" : "CONFIRM", - "url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34817" - }, - { - "name" : "VU#437300", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/437300" - }, - { - "name" : "21221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21221" - }, - { - "name" : "ADV-2006-4654", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4654" - }, - { - "name" : "1017268", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017268" - }, - { - "name" : "23060", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23060" - }, - { - "name" : "24512", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24512" - }, - { - "name" : "cabrightstorarcserve-tapeeng-bo(30453)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21221" + }, + { + "name": "20061122 RE: LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452318/100/0/threaded" + }, + { + "name": "cabrightstorarcserve-tapeeng-bo(30453)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30453" + }, + { + "name": "24512", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24512" + }, + { + "name": "20061122 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050814.html" + }, + { + "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34817", + "refsource": "CONFIRM", + "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34817" + }, + { + "name": "20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/456711" + }, + { + "name": "1017268", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017268" + }, + { + "name": "23060", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23060" + }, + { + "name": "ADV-2006-4654", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4654" + }, + { + "name": "http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317", + "refsource": "CONFIRM", + "url": "http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317" + }, + { + "name": "20061121 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050808.html" + }, + { + "name": "20061121 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452222/100/0/threaded" + }, + { + "name": "VU#437300", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/437300" + }, + { + "name": "http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp", + "refsource": "CONFIRM", + "url": "http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6672.json b/2006/6xxx/CVE-2006-6672.json index 14ec5defa20..2fa5c712b07 100644 --- a/2006/6xxx/CVE-2006-6672.json +++ b/2006/6xxx/CVE-2006-6672.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal allow remote attackers to execute arbitrary SQL commands via the (1) kid or possibly (2) id parameter to (a) HABERLER.ASP and (b) ASPKAT.ASP. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-5085", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal allow remote attackers to execute arbitrary SQL commands via the (1) kid or possibly (2) id parameter to (a) HABERLER.ASP and (b) ASPKAT.ASP. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5085", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5085" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6767.json b/2006/6xxx/CVE-2006-6767.json index 291eaacbd48..b1c385792e5 100644 --- a/2006/6xxx/CVE-2006-6767.json +++ b/2006/6xxx/CVE-2006-6767.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200701-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200701-09.xml" - }, - { - "name" : "22073", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22073" - }, - { - "name" : "ADV-2007-0198", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0198" - }, - { - "name" : "32822", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32822" - }, - { - "name" : "1017517", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017517" - }, - { - "name" : "23790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23790" - }, - { - "name" : "23797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23797" - }, - { - "name" : "oftpd-lpsv-lprt-dos(31520)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22073", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22073" + }, + { + "name": "23797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23797" + }, + { + "name": "23790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23790" + }, + { + "name": "1017517", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017517" + }, + { + "name": "ADV-2007-0198", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0198" + }, + { + "name": "32822", + "refsource": "OSVDB", + "url": "http://osvdb.org/32822" + }, + { + "name": "GLSA-200701-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-09.xml" + }, + { + "name": "oftpd-lpsv-lprt-dos(31520)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31520" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7123.json b/2006/7xxx/CVE-2006-7123.json index 20631fa2cae..6a2e751285b 100644 --- a/2006/7xxx/CVE-2006-7123.json +++ b/2006/7xxx/CVE-2006-7123.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060929 Secunia Research: Joomla BSQ Sitestats Component MultipleVulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447356/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-63/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-63/advisory/" - }, - { - "name" : "20267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20267" - }, - { - "name" : "2360", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2360" - }, - { - "name" : "bsq-sitestats-bsqtemplateinc-sql-injection(29268)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20267" + }, + { + "name": "bsq-sitestats-bsqtemplateinc-sql-injection(29268)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29268" + }, + { + "name": "2360", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2360" + }, + { + "name": "20060929 Secunia Research: Joomla BSQ Sitestats Component MultipleVulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447356/100/0/threaded" + }, + { + "name": "http://secunia.com/secunia_research/2006-63/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-63/advisory/" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2404.json b/2010/2xxx/CVE-2010-2404.json index 1c7c4cf797f..a54c2dec77d 100644 --- a/2010/2xxx/CVE-2010-2404.json +++ b/2010/2xxx/CVE-2010-2404.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors related to Account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors related to Account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2440.json b/2010/2xxx/CVE-2010-2440.json index 4a706422589..99703387704 100644 --- a/2010/2xxx/CVE-2010-2440.json +++ b/2010/2xxx/CVE-2010-2440.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in st-wizard.exe in Subtitle Translation Wizard 3.0 allows user-assisted remote attackers to execute arbitrary code via a crafted SRT file with a long line after a time range. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13965", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13965" - }, - { - "name" : "41026", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41026" - }, - { - "name" : "65678", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65678" - }, - { - "name" : "40303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in st-wizard.exe in Subtitle Translation Wizard 3.0 allows user-assisted remote attackers to execute arbitrary code via a crafted SRT file with a long line after a time range. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13965", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13965" + }, + { + "name": "41026", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41026" + }, + { + "name": "65678", + "refsource": "OSVDB", + "url": "http://osvdb.org/65678" + }, + { + "name": "40303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40303" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2674.json b/2010/2xxx/CVE-2010-2674.json index 2db8989e9b1..aab89432084 100644 --- a/2010/2xxx/CVE-2010-2674.json +++ b/2010/2xxx/CVE-2010-2674.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11923", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11923" - }, - { - "name" : "http://packetstormsecurity.org/1003-exploits/tsokacms-sqlxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/tsokacms-sqlxss.txt" - }, - { - "name" : "63277", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63277" - }, - { - "name" : "39120", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39120" - }, - { - "name" : "tsoka-index-sql-injection(57246)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tsoka-index-sql-injection(57246)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57246" + }, + { + "name": "39120", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39120" + }, + { + "name": "http://packetstormsecurity.org/1003-exploits/tsokacms-sqlxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/tsokacms-sqlxss.txt" + }, + { + "name": "11923", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11923" + }, + { + "name": "63277", + "refsource": "OSVDB", + "url": "http://osvdb.org/63277" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2839.json b/2010/2xxx/CVE-2010-2839.json index de48902e076..4cff3dd13e8 100644 --- a/2010/2xxx/CVE-2010-2839.json +++ b/2010/2xxx/CVE-2010-2839.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-2839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100825 Cisco Unified Presence Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml" - }, - { - "name" : "ADV-2010-2186", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2186", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2186" + }, + { + "name": "20100825 Cisco Unified Presence Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2918.json b/2010/2xxx/CVE-2010-2918.json index a177dc9572f..34e1d9ba672 100644 --- a/2010/2xxx/CVE-2010-2918.json +++ b/2010/2xxx/CVE-2010-2918.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14476", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14476" - }, - { - "name" : "http://packetstormsecurity.org/0804-exploits/joomlavisites-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0804-exploits/joomlavisites-rfi.txt" - }, - { - "name" : "28942", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28942" - }, - { - "name" : "ADV-2010-1925", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1925" - }, - { - "name" : "visites-mymailerclass-file-include(42025)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14476", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14476" + }, + { + "name": "28942", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28942" + }, + { + "name": "ADV-2010-1925", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1925" + }, + { + "name": "visites-mymailerclass-file-include(42025)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42025" + }, + { + "name": "http://packetstormsecurity.org/0804-exploits/joomlavisites-rfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0804-exploits/joomlavisites-rfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0059.json b/2011/0xxx/CVE-2011-0059.json index dd6716775ce..4e92a604d58 100644 --- a/2011/0xxx/CVE-2011-0059.json +++ b/2011/0xxx/CVE-2011-0059.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-10.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=573873", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=573873" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100128655", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100128655" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100133195", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100133195" - }, - { - "name" : "MDVSA-2011:041", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041" - }, - { - "name" : "RHSA-2011:0313", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0313.html" - }, - { - "name" : "46652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46652" - }, - { - "name" : "oval:org.mitre.oval:def:14473", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.avaya.com/css/P8/documents/100133195", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100133195" + }, + { + "name": "46652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46652" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-10.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-10.html" + }, + { + "name": "RHSA-2011:0313", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0313.html" + }, + { + "name": "MDVSA-2011:041", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100128655", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100128655" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=573873", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=573873" + }, + { + "name": "oval:org.mitre.oval:def:14473", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14473" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0310.json b/2011/0xxx/CVE-2011-0310.json index 25cfebfece7..3156956d88d 100644 --- a/2011/0xxx/CVE-2011-0310.json +++ b/2011/0xxx/CVE-2011-0310.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014224" - }, - { - "name" : "IZ77607", - "refsource" : "AIXAPAR", - "url" : "https://www-304.ibm.com/support/docview.wss?uid=swg1SE45551" - }, - { - "name" : "45923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45923" - }, - { - "name" : "70476", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70476" - }, - { - "name" : "42958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42958" - }, - { - "name" : "ADV-2011-0128", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0128" - }, - { - "name" : "wmq-messageheader-bo(64628)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70476", + "refsource": "OSVDB", + "url": "http://osvdb.org/70476" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014224", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014224" + }, + { + "name": "45923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45923" + }, + { + "name": "ADV-2011-0128", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0128" + }, + { + "name": "42958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42958" + }, + { + "name": "wmq-messageheader-bo(64628)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64628" + }, + { + "name": "IZ77607", + "refsource": "AIXAPAR", + "url": "https://www-304.ibm.com/support/docview.wss?uid=swg1SE45551" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0319.json b/2011/0xxx/CVE-2011-0319.json index 46bc3348f81..b7396c12073 100644 --- a/2011/0xxx/CVE-2011-0319.json +++ b/2011/0xxx/CVE-2011-0319.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html" - }, - { - "name" : "TA11-166A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-17.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-17.html" + }, + { + "name": "TA11-166A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0774.json b/2011/0xxx/CVE-2011-0774.json index 08783e8f4a0..75e655db9a2 100644 --- a/2011/0xxx/CVE-2011-0774.json +++ b/2011/0xxx/CVE-2011-0774.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html" - }, - { - "name" : "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released", - "refsource" : "CONFIRM", - "url" : "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released" - }, - { - "name" : "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3410", - "refsource" : "CONFIRM", - "url" : "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released", + "refsource": "CONFIRM", + "url": "http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released" + }, + { + "name": "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html" + }, + { + "name": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3410", + "refsource": "CONFIRM", + "url": "http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3410" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1108.json b/2011/1xxx/CVE-2011-1108.json index c3ef459b791..de8f7cd70f5 100644 --- a/2011/1xxx/CVE-2011-1108.json +++ b/2011/1xxx/CVE-2011-1108.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=63732", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=63732" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" - }, - { - "name" : "46614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46614" - }, - { - "name" : "oval:org.mitre.oval:def:14345", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14345" - }, - { - "name" : "google-chrome-dialogs-unspecified(65726)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=63732", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=63732" + }, + { + "name": "google-chrome-dialogs-unspecified(65726)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65726" + }, + { + "name": "46614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46614" + }, + { + "name": "oval:org.mitre.oval:def:14345", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14345" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1285.json b/2011/1xxx/CVE-2011-1285.json index 35bca92b8c8..42f0b074fa7 100644 --- a/2011/1xxx/CVE-2011-1285.json +++ b/2011/1xxx/CVE-2011-1285.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=74662", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=74662" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" - }, - { - "name" : "46785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46785" - }, - { - "name" : "oval:org.mitre.oval:def:14571", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14571" - }, - { - "name" : "ADV-2011-0628", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0628" - }, - { - "name" : "google-regexp-code-exec(65969)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46785" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" + }, + { + "name": "oval:org.mitre.oval:def:14571", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14571" + }, + { + "name": "google-regexp-code-exec(65969)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65969" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=74662", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=74662" + }, + { + "name": "ADV-2011-0628", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0628" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1463.json b/2011/1xxx/CVE-2011-1463.json index 80f70bb7be2..918ff23c560 100644 --- a/2011/1xxx/CVE-2011-1463.json +++ b/2011/1xxx/CVE-2011-1463.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1463", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1463", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4518.json b/2011/4xxx/CVE-2011-4518.json index bae151b93c8..b0d0e6ee61d 100644 --- a/2011/4xxx/CVE-2011-4518.json +++ b/2011/4xxx/CVE-2011-4518.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02" - }, - { - "name" : "http://www.promotic.eu/en/pmdoc/News.htm#ver80105", - "refsource" : "CONFIRM", - "url" : "http://www.promotic.eu/en/pmdoc/News.htm#ver80105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105", + "refsource": "CONFIRM", + "url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4820.json b/2011/4xxx/CVE-2011-4820.json index b7a11ec9db7..71ba084e46e 100644 --- a/2011/4xxx/CVE-2011-4820.json +++ b/2011/4xxx/CVE-2011-4820.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4820", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4820", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2348.json b/2014/2xxx/CVE-2014-2348.json index 0fcf5efc58f..033d0fbc7cb 100644 --- a/2014/2xxx/CVE-2014-2348.json +++ b/2014/2xxx/CVE-2014-2348.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2348", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2348", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2724.json b/2014/2xxx/CVE-2014-2724.json index 1cad170db6e..2f6000d7082 100644 --- a/2014/2xxx/CVE-2014-2724.json +++ b/2014/2xxx/CVE-2014-2724.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2724", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2724", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3090.json b/2014/3xxx/CVE-2014-3090.json index eb23af5032b..121d3841f4a 100644 --- a/2014/3xxx/CVE-2014-3090.json +++ b/2014/3xxx/CVE-2014-3090.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677285", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677285" - }, - { - "name" : "69964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69964" - }, - { - "name" : "1030883", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030883" - }, - { - "name" : "ibm-clearcase-cve20143090-xee(94256)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-clearcase-cve20143090-xee(94256)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94256" + }, + { + "name": "69964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69964" + }, + { + "name": "1030883", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030883" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677285", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677285" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3683.json b/2014/3xxx/CVE-2014-3683.json index ccf6b613fd2..e2121f36571 100644 --- a/2014/3xxx/CVE-2014-3683.json +++ b/2014/3xxx/CVE-2014-3683.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140930 vulnerability in rsyslog", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/30/15" - }, - { - "name" : "[oss-security] 20141003 sysklogd vulnerability (CVE-2014-3634)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/10/03/1" - }, - { - "name" : "http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/", - "refsource" : "CONFIRM", - "url" : "http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "DSA-3047", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3047" - }, - { - "name" : "SUSE-SU-2014:1294", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html" - }, - { - "name" : "openSUSE-SU-2014:1297", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html" - }, - { - "name" : "openSUSE-SU-2014:1298", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html" - }, - { - "name" : "USN-2381-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2381-1" - }, - { - "name" : "61494", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:1297", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html" + }, + { + "name": "SUSE-SU-2014:1294", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html" + }, + { + "name": "openSUSE-SU-2014:1298", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html" + }, + { + "name": "[oss-security] 20140930 vulnerability in rsyslog", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/30/15" + }, + { + "name": "61494", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61494" + }, + { + "name": "[oss-security] 20141003 sysklogd vulnerability (CVE-2014-3634)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/10/03/1" + }, + { + "name": "http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/", + "refsource": "CONFIRM", + "url": "http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/" + }, + { + "name": "USN-2381-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2381-1" + }, + { + "name": "DSA-3047", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3047" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3891.json b/2014/3xxx/CVE-2014-3891.json index 9634eeeefd6..e45b22b58ce 100644 --- a/2014/3xxx/CVE-2014-3891.json +++ b/2014/3xxx/CVE-2014-3891.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows remote POP3 servers to execute arbitrary code via a crafted response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-3891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.rimarts.co.jp/index-j.html", - "refsource" : "CONFIRM", - "url" : "http://www.rimarts.co.jp/index-j.html" - }, - { - "name" : "JVN#35376006", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN35376006/index.html" - }, - { - "name" : "JVNDB-2014-000071", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows remote POP3 servers to execute arbitrary code via a crafted response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#35376006", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN35376006/index.html" + }, + { + "name": "JVNDB-2014-000071", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000071" + }, + { + "name": "http://www.rimarts.co.jp/index-j.html", + "refsource": "CONFIRM", + "url": "http://www.rimarts.co.jp/index-j.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6152.json b/2014/6xxx/CVE-2014-6152.json index 78d384ef591..2dc68e8c034 100644 --- a/2014/6xxx/CVE-2014-6152.json +++ b/2014/6xxx/CVE-2014-6152.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Integrated Portal (TIP) 2.2.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687541", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687541" - }, - { - "name" : "PI27417", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI27417" - }, - { - "name" : "70729", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70729" - }, - { - "name" : "61899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61899" - }, - { - "name" : "ibm-tivoli-cve20146152-xss(97034)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Integrated Portal (TIP) 2.2.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21687541", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687541" + }, + { + "name": "61899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61899" + }, + { + "name": "PI27417", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI27417" + }, + { + "name": "70729", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70729" + }, + { + "name": "ibm-tivoli-cve20146152-xss(97034)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97034" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6223.json b/2014/6xxx/CVE-2014-6223.json index 0add07d04c2..8cc50268b3e 100644 --- a/2014/6xxx/CVE-2014-6223.json +++ b/2014/6xxx/CVE-2014-6223.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6223", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6223", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6569.json b/2014/6xxx/CVE-2014-6569.json index 8c93e58bc24..478dd5364a5 100644 --- a/2014/6xxx/CVE-2014-6569.json +++ b/2014/6xxx/CVE-2014-6569.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to CIE Related Components." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to CIE Related Components." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6629.json b/2014/6xxx/CVE-2014-6629.json index c0408f55259..f205a786dfc 100644 --- a/2014/6xxx/CVE-2014-6629.json +++ b/2014/6xxx/CVE-2014-6629.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6629", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6629", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7203.json b/2014/7xxx/CVE-2014-7203.json index 2e94e36a970..68473dbd5ad 100644 --- a/2014/7xxx/CVE-2014-7203.json +++ b/2014/7xxx/CVE-2014-7203.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140926 CVE request: zeromq", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q3/754" - }, - { - "name" : "[oss-security] 20140927 Re: CVE request: zeromq", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2014/q3/776" - }, - { - "name" : "https://github.com/zeromq/libzmq/issues/1191", - "refsource" : "CONFIRM", - "url" : "https://github.com/zeromq/libzmq/issues/1191" - }, - { - "name" : "https://github.com/zeromq/libzmq/pull/1189", - "refsource" : "CONFIRM", - "url" : "https://github.com/zeromq/libzmq/pull/1189" - }, - { - "name" : "openSUSE-SU-2014:1381", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html" - }, - { - "name" : "openSUSE-SU-2014:1493", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html" - }, - { - "name" : "70157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70157" - }, - { - "name" : "62262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62262" - }, - { - "name" : "zeromq-connection-nonces-replay(96242)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140927 Re: CVE request: zeromq", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q3/776" + }, + { + "name": "openSUSE-SU-2014:1381", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html" + }, + { + "name": "https://github.com/zeromq/libzmq/pull/1189", + "refsource": "CONFIRM", + "url": "https://github.com/zeromq/libzmq/pull/1189" + }, + { + "name": "openSUSE-SU-2014:1493", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html" + }, + { + "name": "70157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70157" + }, + { + "name": "zeromq-connection-nonces-replay(96242)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96242" + }, + { + "name": "[oss-security] 20140926 CVE request: zeromq", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2014/q3/754" + }, + { + "name": "https://github.com/zeromq/libzmq/issues/1191", + "refsource": "CONFIRM", + "url": "https://github.com/zeromq/libzmq/issues/1191" + }, + { + "name": "62262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62262" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7394.json b/2014/7xxx/CVE-2014-7394.json index c1afc114b63..07381d1178d 100644 --- a/2014/7xxx/CVE-2014-7394.json +++ b/2014/7xxx/CVE-2014-7394.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The www.alaaliwat.com (aka com.alaliwat.marsa) application 4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#536121", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/536121" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The www.alaaliwat.com (aka com.alaliwat.marsa) application 4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#536121", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/536121" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7549.json b/2014/7xxx/CVE-2014-7549.json index 1f62cc5f39a..ce898f8fa04 100644 --- a/2014/7xxx/CVE-2014-7549.json +++ b/2014/7xxx/CVE-2014-7549.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7549", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7549", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7579.json b/2014/7xxx/CVE-2014-7579.json index c6fb5747257..3a1d4981fd6 100644 --- a/2014/7xxx/CVE-2014-7579.json +++ b/2014/7xxx/CVE-2014-7579.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7579", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7579", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7647.json b/2014/7xxx/CVE-2014-7647.json index bdcb2f44d96..71bd011eedd 100644 --- a/2014/7xxx/CVE-2014-7647.json +++ b/2014/7xxx/CVE-2014-7647.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BOOKING DISCOUNT (aka com.wmygoodhotelscom) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#945761", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/945761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BOOKING DISCOUNT (aka com.wmygoodhotelscom) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#945761", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/945761" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2968.json b/2016/2xxx/CVE-2016-2968.json index 457fd41882b..a0ce31c012a 100644 --- a/2016/2xxx/CVE-2016-2968.json +++ b/2016/2xxx/CVE-2016-2968.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21985773", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21985773" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21985773", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985773" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0828.json b/2017/0xxx/CVE-2017-0828.json index b60c7d605dd..b9766c1041d 100644 --- a/2017/0xxx/CVE-2017-0828.json +++ b/2017/0xxx/CVE-2017-0828.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-0828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-0828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-10-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18165.json b/2017/18xxx/CVE-2017-18165.json index dd059fc3a6a..480badd4e52 100644 --- a/2017/18xxx/CVE-2017-18165.json +++ b/2017/18xxx/CVE-2017-18165.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18165", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18165", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18310.json b/2017/18xxx/CVE-2017-18310.json index bad192b801d..b8545e453a7 100644 --- a/2017/18xxx/CVE-2017-18310.json +++ b/2017/18xxx/CVE-2017-18310.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control in TZ" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "1041432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control in TZ" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "1041432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041432" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1121.json b/2017/1xxx/CVE-2017-1121.json index be9ac245d60..10e0bd11bfe 100644 --- a/2017/1xxx/CVE-2017-1121.json +++ b/2017/1xxx/CVE-2017-1121.json @@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "8.0.0" - }, - { - "version_value" : "7.0.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997743" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "8.0.0" + }, + { + "version_value": "7.0.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21997743", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21997743" - }, - { - "name" : "96164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96164" - }, - { - "name" : "1037806", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997743" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037806", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037806" + }, + { + "name": "96164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96164" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21997743", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21997743" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1790.json b/2017/1xxx/CVE-2017-1790.json index 1b8852ac3f2..898dd4962e0 100644 --- a/2017/1xxx/CVE-2017-1790.json +++ b/2017/1xxx/CVE-2017-1790.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-04-10T00:00:00", - "ID" : "CVE-2017-1790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational DOORS Next Generation", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137035." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-04-10T00:00:00", + "ID": "CVE-2017-1790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational DOORS Next Generation", + "version": { + "version_data": [ + { + "version_value": "5.0.2" + }, + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137035", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137035" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012660", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137035." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137035", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137035" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012660", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012660" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5310.json b/2017/5xxx/CVE-2017-5310.json index 6f187679c33..4f9732c31e7 100644 --- a/2017/5xxx/CVE-2017-5310.json +++ b/2017/5xxx/CVE-2017-5310.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5310", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5310", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5353.json b/2017/5xxx/CVE-2017-5353.json index e008a29d01c..6bb60a37be9 100644 --- a/2017/5xxx/CVE-2017-5353.json +++ b/2017/5xxx/CVE-2017-5353.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5353", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5353", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5720.json b/2017/5xxx/CVE-2017-5720.json index 83f8effe649..6fb9f3e6285 100644 --- a/2017/5xxx/CVE-2017-5720.json +++ b/2017/5xxx/CVE-2017-5720.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5720", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5720", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5722.json b/2017/5xxx/CVE-2017-5722.json index 63fa978a016..cc19f7ad934 100644 --- a/2017/5xxx/CVE-2017-5722.json +++ b/2017/5xxx/CVE-2017-5722.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2017-10-06T00:00:00", - "ID" : "CVE-2017-5722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NUC Kits", - "version" : { - "version_data" : [ - { - "version_value" : "BN0049 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2017-10-06T00:00:00", + "ID": "CVE-2017-5722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NUC Kits", + "version": { + "version_data": [ + { + "version_value": "BN0049 and below" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr" - }, - { - "name" : "101236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr" + }, + { + "name": "101236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101236" + } + ] + } +} \ No newline at end of file