diff --git a/2001/1xxx/CVE-2001-1230.json b/2001/1xxx/CVE-2001-1230.json index 06d98491ec2..2e60f7c713f 100644 --- a/2001/1xxx/CVE-2001-1230.json +++ b/2001/1xxx/CVE-2001-1230.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010313 More Icecast remote vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98455723123298&w=2" - }, - { - "name" : "DSA-089", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-089" - }, - { - "name" : "RHSA-2002:063", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-063.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2002:063", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-063.html" + }, + { + "name": "DSA-089", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-089" + }, + { + "name": "20010313 More Icecast remote vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98455723123298&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2095.json b/2006/2xxx/CVE-2006-2095.json index 3757b9965c3..7864f1d5db7 100644 --- a/2006/2xxx/CVE-2006-2095.json +++ b/2006/2xxx/CVE-2006-2095.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Phex before 2.8.6 allows remote attackers to cause a denial of service (application hang) by initiating multiple chat requests to a single user and then logging off." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=412751", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=412751" - }, - { - "name" : "ADV-2006-1560", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1560" - }, - { - "name" : "19824", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19824" - }, - { - "name" : "phex-request-dos(26124)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Phex before 2.8.6 allows remote attackers to cause a denial of service (application hang) by initiating multiple chat requests to a single user and then logging off." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1560", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1560" + }, + { + "name": "19824", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19824" + }, + { + "name": "phex-request-dos(26124)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26124" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=412751", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=412751" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2381.json b/2006/2xxx/CVE-2006-2381.json index 853e8fa4525..bedff07042c 100644 --- a/2006/2xxx/CVE-2006-2381.json +++ b/2006/2xxx/CVE-2006-2381.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2381", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-2381", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2392.json b/2006/2xxx/CVE-2006-2392.json index 805a626478d..98bfe19dedb 100644 --- a/2006/2xxx/CVE-2006-2392.json +++ b/2006/2xxx/CVE-2006-2392.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in public_includes/pub_popup/popup_finduser.php in PHP Blue Dragon Platinum 2.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1779", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1779" - }, - { - "name" : "17977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17977" - }, - { - "name" : "ADV-2006-1789", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1789" - }, - { - "name" : "25533", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25533" - }, - { - "name" : "20115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20115" - }, - { - "name" : "phpbluedragon-finduser-file-include(26455)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in public_includes/pub_popup/popup_finduser.php in PHP Blue Dragon Platinum 2.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20115" + }, + { + "name": "1779", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1779" + }, + { + "name": "17977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17977" + }, + { + "name": "phpbluedragon-finduser-file-include(26455)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26455" + }, + { + "name": "ADV-2006-1789", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1789" + }, + { + "name": "25533", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25533" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3277.json b/2006/3xxx/CVE-2006-3277.json index f02e7bd3b09..023a5a16287 100644 --- a/2006/3xxx/CVE-2006-3277.json +++ b/2006/3xxx/CVE-2006-3277.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060624 Mailenable SMTP Service DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438374/100/0/threaded" - }, - { - "name" : "http://www.divisionbyzero.be/?p=173", - "refsource" : "MISC", - "url" : "http://www.divisionbyzero.be/?p=173" - }, - { - "name" : "http://www.divisionbyzero.be/?p=174", - "refsource" : "MISC", - "url" : "http://www.divisionbyzero.be/?p=174" - }, - { - "name" : "http://www.mailenable.com/hotfix/mesmtpc.zip", - "refsource" : "CONFIRM", - "url" : "http://www.mailenable.com/hotfix/mesmtpc.zip" - }, - { - "name" : "18630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18630" - }, - { - "name" : "ADV-2006-2520", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2520" - }, - { - "name" : "26791", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26791" - }, - { - "name" : "1016376", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016376" - }, - { - "name" : "20790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20790" - }, - { - "name" : "mailenable-smtp-helo-dos(27387)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27387" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mailenable.com/hotfix/mesmtpc.zip", + "refsource": "CONFIRM", + "url": "http://www.mailenable.com/hotfix/mesmtpc.zip" + }, + { + "name": "mailenable-smtp-helo-dos(27387)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27387" + }, + { + "name": "1016376", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016376" + }, + { + "name": "ADV-2006-2520", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2520" + }, + { + "name": "20790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20790" + }, + { + "name": "26791", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26791" + }, + { + "name": "http://www.divisionbyzero.be/?p=174", + "refsource": "MISC", + "url": "http://www.divisionbyzero.be/?p=174" + }, + { + "name": "18630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18630" + }, + { + "name": "http://www.divisionbyzero.be/?p=173", + "refsource": "MISC", + "url": "http://www.divisionbyzero.be/?p=173" + }, + { + "name": "20060624 Mailenable SMTP Service DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438374/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3301.json b/2006/3xxx/CVE-2006-3301.json index 6ed973bbe1d..a5a094d0fce 100644 --- a/2006/3xxx/CVE-2006-3301.json +++ b/2006/3xxx/CVE-2006-3301.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/phpqladmin-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/phpqladmin-vuln.html" - }, - { - "name" : "18658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18658" - }, - { - "name" : "ADV-2006-2532", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2532" - }, - { - "name" : "20788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20788" - }, - { - "name" : "phpqladmin-useradd-unitadd-xss(27364)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20788" + }, + { + "name": "ADV-2006-2532", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2532" + }, + { + "name": "phpqladmin-useradd-unitadd-xss(27364)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27364" + }, + { + "name": "18658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18658" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/phpqladmin-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/phpqladmin-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3623.json b/2006/3xxx/CVE-2006-3623.json index c4e4d2de8ef..ce9e89a72d0 100644 --- a/2006/3xxx/CVE-2006-3623.json +++ b/2006/3xxx/CVE-2006-3623.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060714 EEYE: McAfee ePolicy Orchestrator Remote Compromise", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440077/100/0/threaded" - }, - { - "name" : "http://www.eeye.com/html/research/advisories/AD20060713.html", - "refsource" : "MISC", - "url" : "http://www.eeye.com/html/research/advisories/AD20060713.html" - }, - { - "name" : "18979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18979" - }, - { - "name" : "ADV-2006-2796", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2796" - }, - { - "name" : "27158", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27158" - }, - { - "name" : "1016501", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016501" - }, - { - "name" : "21037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21037" - }, - { - "name" : "epolicy-epo-directory-traversal(27738)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.eeye.com/html/research/advisories/AD20060713.html", + "refsource": "MISC", + "url": "http://www.eeye.com/html/research/advisories/AD20060713.html" + }, + { + "name": "epolicy-epo-directory-traversal(27738)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27738" + }, + { + "name": "21037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21037" + }, + { + "name": "ADV-2006-2796", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2796" + }, + { + "name": "27158", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27158" + }, + { + "name": "18979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18979" + }, + { + "name": "20060714 EEYE: McAfee ePolicy Orchestrator Remote Compromise", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440077/100/0/threaded" + }, + { + "name": "1016501", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016501" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6164.json b/2006/6xxx/CVE-2006-6164.json index afe93acdfb9..a3b375e7dab 100644 --- a/2006/6xxx/CVE-2006-6164.json +++ b/2006/6xxx/CVE-2006-6164.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061122 Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452371/100/0/threaded" - }, - { - "name" : "20061123 Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452428/100/0/threaded" - }, - { - "name" : "http://www.matasano.com/log/592/finger-79tcp-mcdonald-dowd-and-schuh-challenge-part-2/", - "refsource" : "MISC", - "url" : "http://www.matasano.com/log/592/finger-79tcp-mcdonald-dowd-and-schuh-challenge-part-2/" - }, - { - "name" : "[3.9] 016: SECURITY FIX: November 19, 2006", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata39.html#ldso" - }, - { - "name" : "[4.0] 005: SECURITY FIX: November 19, 2006", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata.html#ldso" - }, - { - "name" : "21188", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21188" - }, - { - "name" : "1017253", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017253" - }, - { - "name" : "22993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22993" - }, - { - "name" : "openbsd-elf-privilege-escalation(30441)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[3.9] 016: SECURITY FIX: November 19, 2006", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata39.html#ldso" + }, + { + "name": "http://www.matasano.com/log/592/finger-79tcp-mcdonald-dowd-and-schuh-challenge-part-2/", + "refsource": "MISC", + "url": "http://www.matasano.com/log/592/finger-79tcp-mcdonald-dowd-and-schuh-challenge-part-2/" + }, + { + "name": "20061123 Re: Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452428/100/0/threaded" + }, + { + "name": "22993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22993" + }, + { + "name": "21188", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21188" + }, + { + "name": "[4.0] 005: SECURITY FIX: November 19, 2006", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata.html#ldso" + }, + { + "name": "20061122 Lack of environment sanitization in the FreeBSD, OpenBSD, NetBSD dynamic loaders.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452371/100/0/threaded" + }, + { + "name": "1017253", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017253" + }, + { + "name": "openbsd-elf-privilege-escalation(30441)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30441" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6272.json b/2006/6xxx/CVE-2006-6272.json index 59e2441ebbf..05f5bd221d0 100644 --- a/2006/6xxx/CVE-2006-6272.json +++ b/2006/6xxx/CVE-2006-6272.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061124 Cross site scripting & fullpath disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452555/100/100/threaded" - }, - { - "name" : "21278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21278" - }, - { - "name" : "1967", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1967" - }, - { - "name" : "simple-php-spindex-xss(30490)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21278" + }, + { + "name": "simple-php-spindex-xss(30490)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30490" + }, + { + "name": "20061124 Cross site scripting & fullpath disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452555/100/100/threaded" + }, + { + "name": "1967", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1967" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6289.json b/2006/6xxx/CVE-2006-6289.json index 3cbbfa7cb65..277dc39e4a8 100644 --- a/2006/6xxx/CVE-2006-6289.json +++ b/2006/6xxx/CVE-2006-6289.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061124 Wolflab Burning Board Lite 1.0.2 two sql injections", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452561/100/0/threaded" - }, - { - "name" : "http://retrogod.altervista.org/wbblite_102_sql.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/wbblite_102_sql.html" - }, - { - "name" : "21265", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21265", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21265" + }, + { + "name": "http://retrogod.altervista.org/wbblite_102_sql.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/wbblite_102_sql.html" + }, + { + "name": "20061124 Wolflab Burning Board Lite 1.0.2 two sql injections", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452561/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6330.json b/2006/6xxx/CVE-2006-6330.json index bf153266f46..7b8ade42a15 100644 --- a/2006/6xxx/CVE-2006-6330.json +++ b/2006/6xxx/CVE-2006-6330.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2786", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2786" - }, - { - "name" : "22880", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22880" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582" + }, + { + "name": "2786", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2786" + }, + { + "name": "22880", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22880" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7158.json b/2006/7xxx/CVE-2006-7158.json index 373f51379e7..e8ea1274bcc 100644 --- a/2006/7xxx/CVE-2006-7158.json +++ b/2006/7xxx/CVE-2006-7158.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061023 http://www.red-database-security.com/advisory/oracle_apex_css_notification_msg.html", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449501/100/0/threaded" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_apex_css_notification_msg.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_apex_css_notification_msg.html" - }, - { - "name" : "22396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22396" - }, - { - "name" : "2382", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2382" - }, - { - "name" : "oracle-notification-msg-xss(30107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.red-database-security.com/advisory/oracle_apex_css_notification_msg.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_apex_css_notification_msg.html" + }, + { + "name": "2382", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2382" + }, + { + "name": "oracle-notification-msg-xss(30107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30107" + }, + { + "name": "22396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22396" + }, + { + "name": "20061023 http://www.red-database-security.com/advisory/oracle_apex_css_notification_msg.html", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449501/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0193.json b/2011/0xxx/CVE-2011-0193.json index 13a8aad3370..33e4d25906e 100644 --- a/2011/0xxx/CVE-2011-0193.json +++ b/2011/0xxx/CVE-2011-0193.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0277.json b/2011/0xxx/CVE-2011-0277.json index c186890b420..349f0538e1b 100644 --- a/2011/0xxx/CVE-2011-0277.json +++ b/2011/0xxx/CVE-2011-0277.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-0277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02629", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131" - }, - { - "name" : "SSRT100381", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131" - }, - { - "name" : "46258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46258" - }, - { - "name" : "70836", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70836" - }, - { - "name" : "1025032", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025032" - }, - { - "name" : "43058", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025032", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025032" + }, + { + "name": "70836", + "refsource": "OSVDB", + "url": "http://osvdb.org/70836" + }, + { + "name": "46258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46258" + }, + { + "name": "SSRT100381", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131" + }, + { + "name": "HPSBMA02629", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02711131" + }, + { + "name": "43058", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43058" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0417.json b/2011/0xxx/CVE-2011-0417.json index bd4a88ccb81..314d94716e0 100644 --- a/2011/0xxx/CVE-2011-0417.json +++ b/2011/0xxx/CVE-2011-0417.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0417", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0417", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0798.json b/2011/0xxx/CVE-2011-0798.json index 8c4433829e4..0c8ba1c8d96 100644 --- a/2011/0xxx/CVE-2011-0798.json +++ b/2011/0xxx/CVE-2011-0798.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 11.1.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Midtier Infrastructure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 11.1.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Midtier Infrastructure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1671.json b/2011/1xxx/CVE-2011-1671.json index 038e63f948a..60eb96bdd7f 100644 --- a/2011/1xxx/CVE-2011-1671.json +++ b/2011/1xxx/CVE-2011-1671.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in app/controllers/todos_controller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110329 XSS Vulnerability in Tracks 1.7.2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517223/100/0/threaded" - }, - { - "name" : "http://www.mavitunasecurity.com/XSS-vulnerability-in-Tracks/", - "refsource" : "MISC", - "url" : "http://www.mavitunasecurity.com/XSS-vulnerability-in-Tracks/" - }, - { - "name" : "http://www.getontracks.org/downloads/comments/tracks-173", - "refsource" : "CONFIRM", - "url" : "http://www.getontracks.org/downloads/comments/tracks-173" - }, - { - "name" : "47078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47078" - }, - { - "name" : "71352", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71352" - }, - { - "name" : "43909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43909" - }, - { - "name" : "8196", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8196" - }, - { - "name" : "tracks-todoscontroller-xss(66561)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in app/controllers/todos_controller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "71352", + "refsource": "OSVDB", + "url": "http://osvdb.org/71352" + }, + { + "name": "20110329 XSS Vulnerability in Tracks 1.7.2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517223/100/0/threaded" + }, + { + "name": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Tracks/", + "refsource": "MISC", + "url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Tracks/" + }, + { + "name": "8196", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8196" + }, + { + "name": "47078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47078" + }, + { + "name": "43909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43909" + }, + { + "name": "http://www.getontracks.org/downloads/comments/tracks-173", + "refsource": "CONFIRM", + "url": "http://www.getontracks.org/downloads/comments/tracks-173" + }, + { + "name": "tracks-todoscontroller-xss(66561)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66561" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3123.json b/2011/3xxx/CVE-2011-3123.json index 5fe557fd7ef..00ad4bfeb62 100644 --- a/2011/3xxx/CVE-2011-3123.json +++ b/2011/3xxx/CVE-2011-3123.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21504279", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21504279" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg24030333", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg24030333" - }, - { - "name" : "JR39769", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR39769" - }, - { - "name" : "48516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48516" - }, - { - "name" : "45036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg24030333", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg24030333" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21504279", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21504279" + }, + { + "name": "45036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45036" + }, + { + "name": "48516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48516" + }, + { + "name": "JR39769", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR39769" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3480.json b/2011/3xxx/CVE-2011-3480.json index bb0a05cd0a8..347cfb7a27d 100644 --- a/2011/3xxx/CVE-2011-3480.json +++ b/2011/3xxx/CVE-2011-3480.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3480", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-3480", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3544.json b/2011/3xxx/CVE-2011-3544.json index f0c0863d4f7..773e703484a 100644 --- a/2011/3xxx/CVE-2011-3544.json +++ b/2011/3xxx/CVE-2011-3544.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/alerts/", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/developerworks/java/jdk/alerts/" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02730", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" - }, - { - "name" : "SSRT100710", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2011:1384", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1384.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "SUSE-SU-2012:0114", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" - }, - { - "name" : "USN-1263-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1263-1" - }, - { - "name" : "50218", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50218" - }, - { - "name" : "oval:org.mitre.oval:def:13947", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947" - }, - { - "name" : "1026215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026215" - }, - { - "name" : "48308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48308" - }, - { - "name" : "oracle-jre-scripting-unspecified(70849)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:13947", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "48308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48308" + }, + { + "name": "HPSBUX02730", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2" + }, + { + "name": "SUSE-SU-2012:0114", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "SSRT100710", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2" + }, + { + "name": "RHSA-2011:1384", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html" + }, + { + "name": "50218", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50218" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "oracle-jre-scripting-unspecified(70849)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70849" + }, + { + "name": "1026215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026215" + }, + { + "name": "USN-1263-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1263-1" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "http://www.ibm.com/developerworks/java/jdk/alerts/", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3589.json b/2011/3xxx/CVE-2011-3589.json index f8d31081791..457418007fc 100644 --- a/2011/3xxx/CVE-2011-3589.json +++ b/2011/3xxx/CVE-2011-3589.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=716439", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=716439" - }, - { - "name" : "RHSA-2011:1532", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1532.html" - }, - { - "name" : "RHSA-2012:0152", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0152.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=716439", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=716439" + }, + { + "name": "RHSA-2011:1532", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1532.html" + }, + { + "name": "RHSA-2012:0152", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0152.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3870.json b/2011/3xxx/CVE-2011-3870.json index 15ec2ae3b2d..d7d2ccb89a0 100644 --- a/2011/3xxx/CVE-2011-3870.json +++ b/2011/3xxx/CVE-2011-3870.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb", - "refsource" : "CONFIRM", - "url" : "http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb" - }, - { - "name" : "https://puppet.com/security/cve/cve-2011-3870", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2011-3870" - }, - { - "name" : "DSA-2314", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2314" - }, - { - "name" : "FEDORA-2011-13623", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html" - }, - { - "name" : "FEDORA-2011-13633", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html" - }, - { - "name" : "FEDORA-2011-13636", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html" - }, - { - "name" : "USN-1223-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1223-1" - }, - { - "name" : "USN-1223-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1223-2" - }, - { - "name" : "46458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-13633", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html" + }, + { + "name": "https://puppet.com/security/cve/cve-2011-3870", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2011-3870" + }, + { + "name": "FEDORA-2011-13623", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html" + }, + { + "name": "DSA-2314", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2314" + }, + { + "name": "46458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46458" + }, + { + "name": "FEDORA-2011-13636", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html" + }, + { + "name": "http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb", + "refsource": "CONFIRM", + "url": "http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb" + }, + { + "name": "USN-1223-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1223-1" + }, + { + "name": "USN-1223-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1223-2" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4529.json b/2011/4xxx/CVE-2011-4529.json index 0a9659f5bab..b6011044a4f 100644 --- a/2011/4xxx/CVE-2011-4529.json +++ b/2011/4xxx/CVE-2011-4529.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf" - }, - { - "name" : "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=57252401&objAction=csView&nodeid0=17323948&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW&load=content", - "refsource" : "CONFIRM", - "url" : "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=57252401&objAction=csView&nodeid0=17323948&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW&load=content" - }, - { - "name" : "http://support.automation.siemens.com/WW/view/en/114358", - "refsource" : "CONFIRM", - "url" : "http://support.automation.siemens.com/WW/view/en/114358" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.automation.siemens.com/WW/view/en/114358", + "refsource": "CONFIRM", + "url": "http://support.automation.siemens.com/WW/view/en/114358" + }, + { + "name": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/almsrvx_1-adv.txt" + }, + { + "name": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=57252401&objAction=csView&nodeid0=17323948&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW&load=content", + "refsource": "CONFIRM", + "url": "http://support.automation.siemens.com/WW/llisapi.dll/57252401?func=ll&objId=57252401&objAction=csView&nodeid0=17323948&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW&load=content" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-361-01.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4631.json b/2011/4xxx/CVE-2011-4631.json index 7e4ef4eca0b..823e45ee403 100644 --- a/2011/4xxx/CVE-2011-4631.json +++ b/2011/4xxx/CVE-2011-4631.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4631", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4631", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4767.json b/2011/4xxx/CVE-2011-4767.json index 5f1dd75422d..9c3c4d3b873 100644 --- a/2011/4xxx/CVE-2011-4767.json +++ b/2011/4xxx/CVE-2011-4767.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/Wizard/Status.js and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html" - }, - { - "name" : "ppsbp-se-status-info-disc(72218)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/Wizard/Status.js and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html" + }, + { + "name": "ppsbp-se-status-info-disc(72218)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72218" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5320.json b/2013/5xxx/CVE-2013-5320.json index e523200b109..146e4bbfbf8 100644 --- a/2013/5xxx/CVE-2013-5320.json +++ b/2013/5xxx/CVE-2013-5320.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in mojoPortal before 2.3.9.8 allows remote attackers to inject arbitrary web script or HTML via the txtSubject parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130730 MojoPortal XSS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-07/0200.html" - }, - { - "name" : "http://packetstormsecurity.com/files/122608/MojoPortal-2.3.9.7-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122608/MojoPortal-2.3.9.7-Cross-Site-Scripting.html" - }, - { - "name" : "https://www.mojoportal.com/mojoportal-2398-released", - "refsource" : "CONFIRM", - "url" : "https://www.mojoportal.com/mojoportal-2398-released" - }, - { - "name" : "61520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/61520" - }, - { - "name" : "95847", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95847" - }, - { - "name" : "54297", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54297" - }, - { - "name" : "mojoportal-editpost-xss(86058)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in mojoPortal before 2.3.9.8 allows remote attackers to inject arbitrary web script or HTML via the txtSubject parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54297", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54297" + }, + { + "name": "http://packetstormsecurity.com/files/122608/MojoPortal-2.3.9.7-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/122608/MojoPortal-2.3.9.7-Cross-Site-Scripting.html" + }, + { + "name": "61520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/61520" + }, + { + "name": "20130730 MojoPortal XSS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0200.html" + }, + { + "name": "95847", + "refsource": "OSVDB", + "url": "http://osvdb.org/95847" + }, + { + "name": "https://www.mojoportal.com/mojoportal-2398-released", + "refsource": "CONFIRM", + "url": "https://www.mojoportal.com/mojoportal-2398-released" + }, + { + "name": "mojoportal-editpost-xss(86058)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86058" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5542.json b/2013/5xxx/CVE-2013-5542.json index ffdeb5d9178..2e2375424d8 100644 --- a/2013/5xxx/CVE-2013-5542.json +++ b/2013/5xxx/CVE-2013-5542.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), 8.7 before 8.7(1.8), 9.0 before 9.0(3.6), and 9.1 before 9.1(2.8) allows remote attackers to cause a denial of service (firewall-session disruption or device reload) via crafted ICMP packets, aka Bug ID CSCui77398." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131009 Multiple Vulnerabilities in Cisco ASA Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), 8.7 before 8.7(1.8), 9.0 before 9.0(3.6), and 9.1 before 9.1(2.8) allows remote attackers to cause a denial of service (firewall-session disruption or device reload) via crafted ICMP packets, aka Bug ID CSCui77398." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131009 Multiple Vulnerabilities in Cisco ASA Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5577.json b/2013/5xxx/CVE-2013-5577.json index 32407d5a021..bc7af45a943 100644 --- a/2013/5xxx/CVE-2013-5577.json +++ b/2013/5xxx/CVE-2013-5577.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5577", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5577", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5680.json b/2013/5xxx/CVE-2013-5680.json index 2014de79478..84172b945b0 100644 --- a/2013/5xxx/CVE-2013-5680.json +++ b/2013/5xxx/CVE-2013-5680.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code via a long USER command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130930 CVE-2130-5680, HylaFAX+ heap overflow, unchecked network traffic.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/528943" - }, - { - "name" : "28683", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/28683" - }, - { - "name" : "http://hylafax.sourceforge.net/news/5.5.4.php", - "refsource" : "CONFIRM", - "url" : "http://hylafax.sourceforge.net/news/5.5.4.php" - }, - { - "name" : "62729", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62729" - }, - { - "name" : "1029119", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1029119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code via a long USER command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hylafax.sourceforge.net/news/5.5.4.php", + "refsource": "CONFIRM", + "url": "http://hylafax.sourceforge.net/news/5.5.4.php" + }, + { + "name": "20130930 CVE-2130-5680, HylaFAX+ heap overflow, unchecked network traffic.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/528943" + }, + { + "name": "28683", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/28683" + }, + { + "name": "62729", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62729" + }, + { + "name": "1029119", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1029119" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5693.json b/2013/5xxx/CVE-2013-5693.json index 5b68c6b2232..45addee2c7c 100644 --- a/2013/5xxx/CVE-2013-5693.json +++ b/2013/5xxx/CVE-2013-5693.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130925 Multiple Vulnerabilities in X2CRM", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-09/0117.html" - }, - { - "name" : "28557", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/28557" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23172", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23172" - }, - { - "name" : "97366", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97366" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97366", + "refsource": "OSVDB", + "url": "http://osvdb.org/97366" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23172", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23172" + }, + { + "name": "20130925 Multiple Vulnerabilities in X2CRM", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0117.html" + }, + { + "name": "28557", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/28557" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5704.json b/2013/5xxx/CVE-2013-5704.json index b481768c155..7fa50fb3486 100644 --- a/2013/5xxx/CVE-2013-5704.json +++ b/2013/5xxx/CVE-2013-5704.json @@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states \"this is not a security issue in httpd as such.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20140401 CVE-2013-5704, mod_headers and chunked trailer fields", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2" - }, - { - "name" : "http://martin.swende.se/blog/HTTPChunked.html", - "refsource" : "MISC", - "url" : "http://martin.swende.se/blog/HTTPChunked.html" - }, - { - "name" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c" - }, - { - "name" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "https://support.apple.com/HT204659", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204659" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" - }, - { - "name" : "https://support.apple.com/HT205219", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205219" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "refsource" : "CONFIRM", - "url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246" - }, - { - "name" : "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" - }, - { - "name" : "https://httpd.apache.org/security/vulnerabilities_24.html", - "refsource" : "CONFIRM", - "url" : "https://httpd.apache.org/security/vulnerabilities_24.html" - }, - { - "name" : "APPLE-SA-2015-04-08-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" - }, - { - "name" : "APPLE-SA-2015-09-16-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html" - }, - { - "name" : "GLSA-201504-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-03" - }, - { - "name" : "HPSBUX03337", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143403519711434&w=2" - }, - { - "name" : "HPSBUX03512", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144493176821532&w=2" - }, - { - "name" : "SSRT102066", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=143403519711434&w=2" - }, - { - "name" : "SSRT102254", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=144493176821532&w=2" - }, - { - "name" : "MDVSA-2014:174", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:174" - }, - { - "name" : "RHSA-2015:0325", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0325.html" - }, - { - "name" : "RHSA-2016:0062", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0062.html" - }, - { - "name" : "RHSA-2016:0061", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0061.html" - }, - { - "name" : "RHSA-2015:2659", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2015:2659" - }, - { - "name" : "RHSA-2015:2660", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2015:2660" - }, - { - "name" : "RHSA-2015:2661", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-2661.html" - }, - { - "name" : "RHSA-2015:1249", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1249.html" - }, - { - "name" : "USN-2523-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2523-1" - }, - { - "name" : "66550", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states \"this is not a security issue in httpd as such.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX03512", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144493176821532&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" + }, + { + "name": "https://support.apple.com/HT204659", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204659" + }, + { + "name": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" + }, + { + "name": "GLSA-201504-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-03" + }, + { + "name": "RHSA-2015:1249", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1249.html" + }, + { + "name": "RHSA-2016:0061", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0061.html" + }, + { + "name": "RHSA-2015:0325", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0325.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "MDVSA-2014:174", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:174" + }, + { + "name": "USN-2523-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2523-1" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "RHSA-2016:0062", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0062.html" + }, + { + "name": "SSRT102066", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143403519711434&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", + "refsource": "CONFIRM", + "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246" + }, + { + "name": "RHSA-2015:2661", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-2661.html" + }, + { + "name": "SSRT102254", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=144493176821532&w=2" + }, + { + "name": "APPLE-SA-2015-04-08-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" + }, + { + "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h" + }, + { + "name": "RHSA-2015:2659", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2015:2659" + }, + { + "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "RHSA-2015:2660", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2015:2660" + }, + { + "name": "https://httpd.apache.org/security/vulnerabilities_24.html", + "refsource": "CONFIRM", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + }, + { + "name": "http://martin.swende.se/blog/HTTPChunked.html", + "refsource": "MISC", + "url": "http://martin.swende.se/blog/HTTPChunked.html" + }, + { + "name": "APPLE-SA-2015-09-16-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html" + }, + { + "name": "HPSBUX03337", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=143403519711434&w=2" + }, + { + "name": "https://support.apple.com/HT205219", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205219" + }, + { + "name": "66550", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66550" + }, + { + "name": "[dev] 20140401 CVE-2013-5704, mod_headers and chunked trailer fields", + "refsource": "MLIST", + "url": "http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2219.json b/2014/2xxx/CVE-2014-2219.json index 0e8076464c4..e366aa5fc56 100644 --- a/2014/2xxx/CVE-2014-2219.json +++ b/2014/2xxx/CVE-2014-2219.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140319 Cross-Site Scripting (XSS) in CMSimple", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/531527/100/0/threaded" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23205", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23205" - }, - { - "name" : "66312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140319 Cross-Site Scripting (XSS) in CMSimple", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/531527/100/0/threaded" + }, + { + "name": "66312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66312" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23205", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23205" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2773.json b/2014/2xxx/CVE-2014-2773.json index 3b9ab293372..1b2c718df56 100644 --- a/2014/2xxx/CVE-2014-2773.json +++ b/2014/2xxx/CVE-2014-2773.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2768." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" - }, - { - "name" : "67858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67858" - }, - { - "name" : "1030370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2768." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030370" + }, + { + "name": "67858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67858" + }, + { + "name": "MS14-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6693.json b/2014/6xxx/CVE-2014-6693.json index 10586098b68..920bf291dd3 100644 --- a/2014/6xxx/CVE-2014-6693.json +++ b/2014/6xxx/CVE-2014-6693.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Juiker (aka org.itri) application 3.2.0829.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#913025", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/913025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Juiker (aka org.itri) application 3.2.0829.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#913025", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/913025" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6752.json b/2014/6xxx/CVE-2014-6752.json index 6b0d9cce699..8633ea8bcd8 100644 --- a/2014/6xxx/CVE-2014-6752.json +++ b/2014/6xxx/CVE-2014-6752.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#124193", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/124193" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#124193", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/124193" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6889.json b/2014/6xxx/CVE-2014-6889.json index 2541acd7cbd..3734395baa8 100644 --- a/2014/6xxx/CVE-2014-6889.json +++ b/2014/6xxx/CVE-2014-6889.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GunBroker.com (aka com.gunbroker.android) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#427089", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/427089" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GunBroker.com (aka com.gunbroker.android) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#427089", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/427089" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7186.json b/2014/7xxx/CVE-2014-7186.json index 95083a79d31..9f808535d1d 100644 --- a/2014/7xxx/CVE-2014-7186.json +++ b/2014/7xxx/CVE-2014-7186.json @@ -1,717 +1,717 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the \"redir_stack\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533593/100/0/threaded" - }, - { - "name" : "20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Oct/0" - }, - { - "name" : "[oss-security] 20140925 Fwd: Non-upstream patches for bash", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/09/25/32" - }, - { - "name" : "[oss-security] 20140926 Re: Fwd: Non-upstream patches for bash", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/09/26/2" - }, - { - "name" : "[oss-security] 20140928 Re: CVE-2014-6271: remote code execution through bash", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/09/28/10" - }, - { - "name" : "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html" - }, - { - "name" : "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html" - }, - { - "name" : "http://support.novell.com/security/cve/CVE-2014-7186.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/security/cve/CVE-2014-7186.html" - }, - { - "name" : "https://www.suse.com/support/shellshock/", - "refsource" : "CONFIRM", - "url" : "https://www.suse.com/support/shellshock/" - }, - { - "name" : "https://kb.bluecoat.com/index?page=content&id=SA82", - "refsource" : "CONFIRM", - "url" : "https://kb.bluecoat.com/index?page=content&id=SA82" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685749" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685914" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7015721", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7015721" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0010.html" - }, - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686084" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685541" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685604" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685733" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686131" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686479" - }, - { - "name" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", - "refsource" : "CONFIRM", - "url" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315" - }, - { - "name" : "https://support.citrix.com/article/CTX200217", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX200217" - }, - { - "name" : "https://support.citrix.com/article/CTX200223", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX200223" - }, - { - "name" : "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686246" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686445" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686494" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21687079" - }, - { - "name" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", - "refsource" : "CONFIRM", - "url" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts" - }, - { - "name" : "http://www.qnap.com/i/en/support/con_show.php?cid=61", - "refsource" : "CONFIRM", - "url" : "http://www.qnap.com/i/en/support/con_show.php?cid=61" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686447" - }, - { - "name" : "http://support.apple.com/HT204244", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/HT204244" - }, - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10085" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183" - }, - { - "name" : "APPLE-SA-2015-01-27-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "20140926 GNU Bash Environment Variable Command Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash" - }, - { - "name" : "HPSBGN03138", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141330468527613&w=2" - }, - { - "name" : "HPSBHF03125", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141345648114150&w=2" - }, - { - "name" : "HPSBGN03141", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383304022067&w=2" - }, - { - "name" : "HPSBGN03142", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383244821813&w=2" - }, - { - "name" : "HPSBMU03143", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383026420882&w=2" - }, - { - "name" : "HPSBMU03144", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383081521087&w=2" - }, - { - "name" : "HPSBST03129", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383196021590&w=2" - }, - { - "name" : "HPSBST03131", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141383138121313&w=2" - }, - { - "name" : "HPSBST03157", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141450491804793&w=2" - }, - { - "name" : "HPSBMU03165", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141577137423233&w=2" - }, - { - "name" : "HPSBMU03182", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141585637922673&w=2" - }, - { - "name" : "HPSBST03154", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141577297623641&w=2" - }, - { - "name" : "HPSBST03155", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141576728022234&w=2" - }, - { - "name" : "HPSBST03181", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141577241923505&w=2" - }, - { - "name" : "HPSBST03148", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141694386919794&w=2" - }, - { - "name" : "HPSBMU03217", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141879528318582&w=2" - }, - { - "name" : "HPSBMU03236", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142289270617409&w=2" - }, - { - "name" : "HPSBMU03245", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142358026505815&w=2" - }, - { - "name" : "HPSBMU03246", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142358078406056&w=2" - }, - { - "name" : "HPSBOV03228", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142113462216480&w=2" - }, - { - "name" : "SSRT101711", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142113462216480&w=2" - }, - { - "name" : "SSRT101742", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142358026505815&w=2" - }, - { - "name" : "SSRT101827", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141879528318582&w=2" - }, - { - "name" : "SSRT101830", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142289270617409&w=2" - }, - { - "name" : "HPSBGN03233", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142118135300698&w=2" - }, - { - "name" : "SSRT101739", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142118135300698&w=2" - }, - { - "name" : "SSRT101868", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142118135300698&w=2" - }, - { - "name" : "HPSBMU03220", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142721162228379&w=2" - }, - { - "name" : "SSRT101819", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142721162228379&w=2" - }, - { - "name" : "MDVSA-2015:164", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164" - }, - { - "name" : "RHSA-2014:1311", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1311.html" - }, - { - "name" : "RHSA-2014:1312", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1312.html" - }, - { - "name" : "RHSA-2014:1354", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1354.html" - }, - { - "name" : "SUSE-SU-2014:1247", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html" - }, - { - "name" : "SUSE-SU-2014:1259", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html" - }, - { - "name" : "openSUSE-SU-2014:1229", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html" - }, - { - "name" : "openSUSE-SU-2014:1242", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html" - }, - { - "name" : "openSUSE-SU-2014:1254", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html" - }, - { - "name" : "USN-2364-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2364-1" - }, - { - "name" : "JVN#55667175", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN55667175/index.html" - }, - { - "name" : "JVNDB-2014-000126", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126" - }, - { - "name" : "61479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61479" - }, - { - "name" : "61618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61618" - }, - { - "name" : "61622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61622" - }, - { - "name" : "61636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61636" - }, - { - "name" : "61641", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61641" - }, - { - "name" : "59907", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59907" - }, - { - "name" : "61283", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61283" - }, - { - "name" : "61485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61485" - }, - { - "name" : "61503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61503" - }, - { - "name" : "61552", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61552" - }, - { - "name" : "61565", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61565" - }, - { - "name" : "61603", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61603" - }, - { - "name" : "61633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61633" - }, - { - "name" : "61643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61643" - }, - { - "name" : "61654", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61654" - }, - { - "name" : "61703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61703" - }, - { - "name" : "61711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61711" - }, - { - "name" : "61188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61188" - }, - { - "name" : "58200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58200" - }, - { - "name" : "60034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60034" - }, - { - "name" : "60055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60055" - }, - { - "name" : "60193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60193" - }, - { - "name" : "61065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61065" - }, - { - "name" : "61128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61128" - }, - { - "name" : "61129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61129" - }, - { - "name" : "61287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61287" - }, - { - "name" : "61312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61312" - }, - { - "name" : "61313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61313" - }, - { - "name" : "61328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61328" - }, - { - "name" : "61442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61442" - }, - { - "name" : "61471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61471" - }, - { - "name" : "61550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61550" - }, - { - "name" : "61780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61780" - }, - { - "name" : "61816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61816" - }, - { - "name" : "60024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60024" - }, - { - "name" : "60063", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60063" - }, - { - "name" : "60044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60044" - }, - { - "name" : "60433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60433" - }, - { - "name" : "61291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61291" - }, - { - "name" : "61873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61873" - }, - { - "name" : "62312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62312" - }, - { - "name" : "62343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62343" - }, - { - "name" : "62228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the \"redir_stack\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749" + }, + { + "name": "HPSBMU03165", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141577137423233&w=2" + }, + { + "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", + "refsource": "CONFIRM", + "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts" + }, + { + "name": "HPSBST03131", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383138121313&w=2" + }, + { + "name": "SSRT101819", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142721162228379&w=2" + }, + { + "name": "20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533593/100/0/threaded" + }, + { + "name": "HPSBMU03245", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142358026505815&w=2" + }, + { + "name": "openSUSE-SU-2014:1229", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686084" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479" + }, + { + "name": "61188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61188" + }, + { + "name": "JVN#55667175", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN55667175/index.html" + }, + { + "name": "openSUSE-SU-2014:1254", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html" + }, + { + "name": "60433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60433" + }, + { + "name": "[oss-security] 20140925 Fwd: Non-upstream patches for bash", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/09/25/32" + }, + { + "name": "HPSBMU03143", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383026420882&w=2" + }, + { + "name": "HPSBMU03182", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141585637922673&w=2" + }, + { + "name": "HPSBST03155", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141576728022234&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html" + }, + { + "name": "61636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61636" + }, + { + "name": "61816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61816" + }, + { + "name": "61442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61442" + }, + { + "name": "HPSBMU03246", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142358078406056&w=2" + }, + { + "name": "61283", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61283" + }, + { + "name": "SSRT101711", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142113462216480&w=2" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10085" + }, + { + "name": "61654", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61654" + }, + { + "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", + "refsource": "CONFIRM", + "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315" + }, + { + "name": "62312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62312" + }, + { + "name": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", + "refsource": "CONFIRM", + "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html" + }, + { + "name": "HPSBMU03217", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141879528318582&w=2" + }, + { + "name": "RHSA-2014:1312", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1312.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604" + }, + { + "name": "SSRT101868", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" + }, + { + "name": "61703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61703" + }, + { + "name": "USN-2364-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2364-1" + }, + { + "name": "61065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61065" + }, + { + "name": "HPSBST03129", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383196021590&w=2" + }, + { + "name": "HPSBMU03144", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383081521087&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686445" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131" + }, + { + "name": "JVNDB-2014-000126", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126" + }, + { + "name": "SSRT101827", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141879528318582&w=2" + }, + { + "name": "61641", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61641" + }, + { + "name": "SUSE-SU-2014:1247", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html" + }, + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914" + }, + { + "name": "20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Oct/0" + }, + { + "name": "MDVSA-2015:164", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "HPSBMU03220", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142721162228379&w=2" + }, + { + "name": "60024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60024" + }, + { + "name": "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html" + }, + { + "name": "61622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61622" + }, + { + "name": "20140926 GNU Bash Environment Variable Command Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash" + }, + { + "name": "http://support.novell.com/security/cve/CVE-2014-7186.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/security/cve/CVE-2014-7186.html" + }, + { + "name": "[oss-security] 20140928 Re: CVE-2014-6271: remote code execution through bash", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/09/28/10" + }, + { + "name": "62343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62343" + }, + { + "name": "61565", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61565" + }, + { + "name": "https://www.suse.com/support/shellshock/", + "refsource": "CONFIRM", + "url": "https://www.suse.com/support/shellshock/" + }, + { + "name": "http://support.apple.com/HT204244", + "refsource": "CONFIRM", + "url": "http://support.apple.com/HT204244" + }, + { + "name": "HPSBST03157", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141450491804793&w=2" + }, + { + "name": "61313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61313" + }, + { + "name": "SSRT101830", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142289270617409&w=2" + }, + { + "name": "SSRT101742", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142358026505815&w=2" + }, + { + "name": "61873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61873" + }, + { + "name": "[oss-security] 20140926 Re: Fwd: Non-upstream patches for bash", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/09/26/2" + }, + { + "name": "61485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61485" + }, + { + "name": "openSUSE-SU-2014:1242", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html" + }, + { + "name": "61618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61618" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183" + }, + { + "name": "HPSBST03154", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141577297623641&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272" + }, + { + "name": "HPSBGN03142", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383244821813&w=2" + }, + { + "name": "61312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61312" + }, + { + "name": "60193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60193" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0010.html" + }, + { + "name": "61479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61479" + }, + { + "name": "60063", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60063" + }, + { + "name": "60034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60034" + }, + { + "name": "59907", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59907" + }, + { + "name": "58200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58200" + }, + { + "name": "HPSBST03181", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141577241923505&w=2" + }, + { + "name": "61643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61643" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7015721", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7015721" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687079" + }, + { + "name": "61503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61503" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686246" + }, + { + "name": "RHSA-2014:1354", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1354.html" + }, + { + "name": "HPSBMU03236", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142289270617409&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915" + }, + { + "name": "http://www.qnap.com/i/en/support/con_show.php?cid=61", + "refsource": "CONFIRM", + "url": "http://www.qnap.com/i/en/support/con_show.php?cid=61" + }, + { + "name": "HPSBST03148", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141694386919794&w=2" + }, + { + "name": "61552", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61552" + }, + { + "name": "61780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61780" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279" + }, + { + "name": "https://support.citrix.com/article/CTX200223", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX200223" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686447" + }, + { + "name": "62228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62228" + }, + { + "name": "HPSBGN03138", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141330468527613&w=2" + }, + { + "name": "60044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60044" + }, + { + "name": "61291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61291" + }, + { + "name": "HPSBHF03125", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141345648114150&w=2" + }, + { + "name": "61287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61287" + }, + { + "name": "HPSBGN03233", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" + }, + { + "name": "SSRT101739", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" + }, + { + "name": "61711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61711" + }, + { + "name": "HPSBOV03228", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142113462216480&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361" + }, + { + "name": "APPLE-SA-2015-01-27-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" + }, + { + "name": "HPSBGN03141", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141383304022067&w=2" + }, + { + "name": "RHSA-2014:1311", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1311.html" + }, + { + "name": "61128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61128" + }, + { + "name": "https://support.citrix.com/article/CTX200217", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX200217" + }, + { + "name": "61471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61471" + }, + { + "name": "60055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60055" + }, + { + "name": "61550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61550" + }, + { + "name": "61633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61633" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686494" + }, + { + "name": "https://kb.bluecoat.com/index?page=content&id=SA82", + "refsource": "CONFIRM", + "url": "https://kb.bluecoat.com/index?page=content&id=SA82" + }, + { + "name": "SUSE-SU-2014:1259", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html" + }, + { + "name": "61328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61328" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733" + }, + { + "name": "61129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61129" + }, + { + "name": "61603", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61603" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7312.json b/2014/7xxx/CVE-2014-7312.json index 539f9e88ae9..4c3ee0a3a43 100644 --- a/2014/7xxx/CVE-2014-7312.json +++ b/2014/7xxx/CVE-2014-7312.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7312", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7312", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0063.json b/2017/0xxx/CVE-2017-0063.json index fb72f5236ef..bbb10e62a59 100644 --- a/2017/0xxx/CVE-2017-0063.json +++ b/2017/0xxx/CVE-2017-0063.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Color Management", - "version" : { - "version_data" : [ - { - "version_value" : "The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka \"Microsoft Color Management Information Disclosure Vulnerability.\" This vulnerability is different from that described in CVE-2017-0061." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Color Management", + "version": { + "version_data": [ + { + "version_value": "The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41659", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41659/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0063", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0063" - }, - { - "name" : "96643", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96643" - }, - { - "name" : "1038002", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka \"Microsoft Color Management Information Disclosure Vulnerability.\" This vulnerability is different from that described in CVE-2017-0061." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96643", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96643" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0063", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0063" + }, + { + "name": "41659", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41659/" + }, + { + "name": "1038002", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038002" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0178.json b/2017/0xxx/CVE-2017-0178.json index d2edfcaa778..bd4adb8ce8e 100644 --- a/2017/0xxx/CVE-2017-0178.json +++ b/2017/0xxx/CVE-2017-0178.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Hyper-V", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka \"Hyper-V Denial of Service Vulnerability.\" This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Hyper-V", + "version": { + "version_data": [ + { + "version_value": "Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0178", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0178" - }, - { - "name" : "97416", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka \"Hyper-V Denial of Service Vulnerability.\" This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0178", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0178" + }, + { + "name": "97416", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97416" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0279.json b/2017/0xxx/CVE-2017-0279.json index 92092ddc2d2..6509dd516f8 100644 --- a/2017/0xxx/CVE-2017-0279.json +++ b/2017/0xxx/CVE-2017-0279.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Server Message Block 1.0", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Server Message Block 1.0", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0279", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0279" - }, - { - "name" : "98272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98272" - }, - { - "name" : "1038430", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98272" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0279", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0279" + }, + { + "name": "1038430", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038430" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0627.json b/2017/0xxx/CVE-2017-0627.json index 5515d687c0a..600bf2a579e 100644 --- a/2017/0xxx/CVE-2017-0627.json +++ b/2017/0xxx/CVE-2017-0627.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "USN-3674-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3674-2/" - }, - { - "name" : "USN-3674-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3674-1/" - }, - { - "name" : "98205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3674-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3674-1/" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "USN-3674-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3674-2/" + }, + { + "name": "98205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98205" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0981.json b/2017/0xxx/CVE-2017-0981.json index bafa821ec6c..ecd87e1eead 100644 --- a/2017/0xxx/CVE-2017-0981.json +++ b/2017/0xxx/CVE-2017-0981.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0981", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0981", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18198.json b/2017/18xxx/CVE-2017-18198.json index 96388207551..d9dc328cc92 100644 --- a/2017/18xxx/CVE-2017-18198.json +++ b/2017/18xxx/CVE-2017-18198.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz" - }, - { - "name" : "https://savannah.gnu.org/bugs/?52265", - "refsource" : "CONFIRM", - "url" : "https://savannah.gnu.org/bugs/?52265" - }, - { - "name" : "RHSA-2018:3246", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3246" - }, - { - "name" : "103200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://savannah.gnu.org/bugs/?52265", + "refsource": "CONFIRM", + "url": "https://savannah.gnu.org/bugs/?52265" + }, + { + "name": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz", + "refsource": "CONFIRM", + "url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz" + }, + { + "name": "103200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103200" + }, + { + "name": "RHSA-2018:3246", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3246" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1199.json b/2017/1xxx/CVE-2017-1199.json index ec925fc706e..76826e0ecca 100644 --- a/2017/1xxx/CVE-2017-1199.json +++ b/2017/1xxx/CVE-2017-1199.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-01T00:00:00", - "ID" : "CVE-2017-1199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "InfoSphere Master Data Management", - "version" : { - "version_data" : [ - { - "version_value" : "10.1" - }, - { - "version_value" : "11.0" - }, - { - "version_value" : "11.3" - }, - { - "version_value" : "11.4" - }, - { - "version_value" : "10.1.0" - }, - { - "version_value" : "11.0.0" - }, - { - "version_value" : "11.5" - }, - { - "version_value" : "11.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123674." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-01T00:00:00", + "ID": "CVE-2017-1199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InfoSphere Master Data Management", + "version": { + "version_data": [ + { + "version_value": "10.1" + }, + { + "version_value": "11.0" + }, + { + "version_value": "11.3" + }, + { + "version_value": "11.4" + }, + { + "version_value": "10.1.0" + }, + { + "version_value": "11.0.0" + }, + { + "version_value": "11.5" + }, + { + "version_value": "11.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123674", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123674" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006618", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006618" - }, - { - "name" : "100129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123674." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123674", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123674" + }, + { + "name": "100129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100129" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006618", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006618" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1513.json b/2017/1xxx/CVE-2017-1513.json index d26197b2824..9113c2e7cf2 100644 --- a/2017/1xxx/CVE-2017-1513.json +++ b/2017/1xxx/CVE-2017-1513.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1513", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1513", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1901.json b/2017/1xxx/CVE-2017-1901.json index c0f9364e5ec..549289cd4aa 100644 --- a/2017/1xxx/CVE-2017-1901.json +++ b/2017/1xxx/CVE-2017-1901.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1901", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1901", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4216.json b/2017/4xxx/CVE-2017-4216.json index db759887307..8ae613afd51 100644 --- a/2017/4xxx/CVE-2017-4216.json +++ b/2017/4xxx/CVE-2017-4216.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4216", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4216", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4359.json b/2017/4xxx/CVE-2017-4359.json index a66fd9dff2e..b0657c5fb1e 100644 --- a/2017/4xxx/CVE-2017-4359.json +++ b/2017/4xxx/CVE-2017-4359.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4359", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4359", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5389.json b/2017/5xxx/CVE-2017-5389.json index 39742512883..a0b8f1c493e 100644 --- a/2017/5xxx/CVE-2017-5389.json +++ b/2017/5xxx/CVE-2017-5389.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "51" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebExtensions could use the \"mozAddonManager\" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "WebExtensions can install additional add-ons via modified host requests" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "51" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1308688", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1308688" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-01/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-01/" - }, - { - "name" : "95763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95763" - }, - { - "name" : "1037693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebExtensions could use the \"mozAddonManager\" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "WebExtensions can install additional add-ons via modified host requests" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037693" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-01/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1308688", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1308688" + }, + { + "name": "95763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95763" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5584.json b/2017/5xxx/CVE-2017-5584.json index 7c1d3c26647..319f67814af 100644 --- a/2017/5xxx/CVE-2017-5584.json +++ b/2017/5xxx/CVE-2017-5584.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityadvisories.paloaltonetworks.com/Home/Detail/74", - "refsource" : "CONFIRM", - "url" : "http://securityadvisories.paloaltonetworks.com/Home/Detail/74" - }, - { - "name" : "96371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96371" - }, - { - "name" : "1037889", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96371" + }, + { + "name": "1037889", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037889" + }, + { + "name": "http://securityadvisories.paloaltonetworks.com/Home/Detail/74", + "refsource": "CONFIRM", + "url": "http://securityadvisories.paloaltonetworks.com/Home/Detail/74" + } + ] + } +} \ No newline at end of file