From 6ba37b4de0e94e86c65750acfc9af3267d796e4f Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 00:21:39 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/2xxx/CVE-2006-2491.json | 200 ++++++++-------- 2006/2xxx/CVE-2006-2591.json | 150 ++++++------ 2006/2xxx/CVE-2006-2618.json | 160 ++++++------- 2006/2xxx/CVE-2006-2850.json | 170 +++++++------- 2006/3xxx/CVE-2006-3013.json | 200 ++++++++-------- 2006/3xxx/CVE-2006-3040.json | 160 ++++++------- 2006/3xxx/CVE-2006-3065.json | 170 +++++++------- 2006/3xxx/CVE-2006-3081.json | 330 +++++++++++++------------- 2006/6xxx/CVE-2006-6229.json | 120 +++++----- 2006/6xxx/CVE-2006-6364.json | 180 +++++++-------- 2006/6xxx/CVE-2006-6579.json | 120 +++++----- 2006/7xxx/CVE-2006-7076.json | 160 ++++++------- 2011/0xxx/CVE-2011-0085.json | 270 +++++++++++----------- 2011/0xxx/CVE-2011-0098.json | 200 ++++++++-------- 2011/0xxx/CVE-2011-0402.json | 240 +++++++++---------- 2011/0xxx/CVE-2011-0555.json | 180 +++++++-------- 2011/0xxx/CVE-2011-0941.json | 130 +++++------ 2011/1xxx/CVE-2011-1349.json | 34 +-- 2011/3xxx/CVE-2011-3205.json | 360 ++++++++++++++--------------- 2011/4xxx/CVE-2011-4145.json | 34 +-- 2011/4xxx/CVE-2011-4152.json | 34 +-- 2011/4xxx/CVE-2011-4193.json | 120 +++++----- 2011/4xxx/CVE-2011-4441.json | 34 +-- 2011/4xxx/CVE-2011-4481.json | 34 +-- 2011/4xxx/CVE-2011-4891.json | 34 +-- 2013/5xxx/CVE-2013-5346.json | 34 +-- 2013/5xxx/CVE-2013-5351.json | 180 +++++++-------- 2013/5xxx/CVE-2013-5372.json | 230 +++++++++--------- 2013/5xxx/CVE-2013-5750.json | 120 +++++----- 2013/5xxx/CVE-2013-5858.json | 180 +++++++-------- 2013/5xxx/CVE-2013-5938.json | 160 ++++++------- 2014/2xxx/CVE-2014-2226.json | 150 ++++++------ 2014/2xxx/CVE-2014-2947.json | 130 +++++------ 2014/2xxx/CVE-2014-2991.json | 34 +-- 2014/6xxx/CVE-2014-6581.json | 130 +++++------ 2014/6xxx/CVE-2014-6735.json | 140 +++++------ 2014/7xxx/CVE-2014-7011.json | 140 +++++------ 2014/7xxx/CVE-2014-7732.json | 34 +-- 2017/0xxx/CVE-2017-0049.json | 140 +++++------ 2017/0xxx/CVE-2017-0070.json | 150 ++++++------ 
2017/0xxx/CVE-2017-0108.json | 150 ++++++------ 2017/0xxx/CVE-2017-0129.json | 140 +++++------ 2017/0xxx/CVE-2017-0992.json | 34 +-- 2017/1000xxx/CVE-2017-1000035.json | 124 +++++----- 2017/1000xxx/CVE-2017-1000045.json | 37 ++- 2017/1000xxx/CVE-2017-1000113.json | 124 +++++----- 2017/18xxx/CVE-2017-18336.json | 34 +-- 2017/1xxx/CVE-2017-1125.json | 164 ++++++------- 2017/1xxx/CVE-2017-1169.json | 232 +++++++++---------- 2017/1xxx/CVE-2017-1751.json | 142 ++++++------ 2017/1xxx/CVE-2017-1906.json | 34 +-- 2017/4xxx/CVE-2017-4364.json | 34 +-- 2017/5xxx/CVE-2017-5249.json | 120 +++++----- 2017/5xxx/CVE-2017-5617.json | 160 ++++++------- 2017/5xxx/CVE-2017-5878.json | 130 +++++------ 55 files changed, 3716 insertions(+), 3719 deletions(-)
diff --git a/2006/2xxx/CVE-2006-2491.json b/2006/2xxx/CVE-2006-2491.json
index fc667349271..bca0c3a6633 100644
--- a/2006/2xxx/CVE-2006-2491.json
+++ b/2006/2xxx/CVE-2006-2491.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER[\"PHP_SELF\"] variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060517 Boastmachine Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434294/100/0/threaded" - }, - { - "name" : "18012", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18012" - }, - { - "name" : "ADV-2006-1853", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1853" - }, - { - "name" : "25617", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25617" - }, - { - "name" : "25618", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25618" - }, - { - "name" : "20149", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/20149" - }, - { - "name" : "725", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/725" - }, - { - "name" : "927", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/927" - }, - { - "name" : "boastmachine-phpself-xss(26518)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER[\"PHP_SELF\"] variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "725", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/725" + }, + { + "name": "boastmachine-phpself-xss(26518)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26518" + }, + { + "name": "ADV-2006-1853", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1853" + }, + { + "name": "927", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/927" + }, + { + "name": "20060517 Boastmachine Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434294/100/0/threaded" + }, + { + "name": "25618", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25618" + }, + { + "name": "20149", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20149" + }, + { + "name": "25617", + "refsource": "OSVDB", + "url": 
"http://www.osvdb.org/25617" + }, + { + "name": "18012", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18012" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2591.json b/2006/2xxx/CVE-2006-2591.json index 9b319e08561..aa5749a3f3b 100644 --- a/2006/2xxx/CVE-2006-2591.json +++ b/2006/2xxx/CVE-2006-2591.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an \"emailing exploit\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://e107.org/comment.php?comment.news.788", - "refsource" : "CONFIRM", - "url" : "http://e107.org/comment.php?comment.news.788" - }, - { - "name" : "ADV-2006-1963", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1963" - }, - { - "name" : "25740", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25740" - }, - { - "name" : "20262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an \"emailing exploit\"." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20262",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/20262"
+ },
+ {
+ "name": "http://e107.org/comment.php?comment.news.788",
+ "refsource": "CONFIRM",
+ "url": "http://e107.org/comment.php?comment.news.788"
+ },
+ {
+ "name": "ADV-2006-1963",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/1963"
+ },
+ {
+ "name": "25740",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/25740"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/2xxx/CVE-2006-2618.json b/2006/2xxx/CVE-2006-2618.json
index f451cac3f77..519234bd52e 100644
--- a/2006/2xxx/CVE-2006-2618.json
+++ b/2006/2xxx/CVE-2006-2618.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the \"write a review\" box. NOTE: since user reviews do not require administrator privileges, and an auto-approve mechanism exists, this issue is a vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060523 AlstraSoft Web Host Directory v1.2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434912/100/0/threaded" - }, - { - "name" : "http://www.sitepoint.com/forums/showthread.php?t=311969", - "refsource" : "MISC", - "url" : "http://www.sitepoint.com/forums/showthread.php?t=311969" - }, - { - "name" : "955", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/955" - }, - { - "name" : "hs-webhostdirectory-review-xss(26666)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/26666" - }, - { - "name" : "webhostdirectory-review-xss(26665)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the \"write a review\" box. NOTE: since user reviews do not require administrator privileges, and an auto-approve mechanism exists, this issue is a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "955", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/955" + }, + { + "name": "http://www.sitepoint.com/forums/showthread.php?t=311969", + "refsource": "MISC", + "url": "http://www.sitepoint.com/forums/showthread.php?t=311969" + }, + { + "name": "hs-webhostdirectory-review-xss(26666)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26666" + }, + { + "name": "20060523 AlstraSoft Web Host Directory v1.2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434912/100/0/threaded" + }, + { + "name": "webhostdirectory-review-xss(26665)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26665" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2850.json b/2006/2xxx/CVE-2006-2850.json index be8391d95d3..5749495e90e 100644 --- a/2006/2xxx/CVE-2006-2850.json +++ b/2006/2xxx/CVE-2006-2850.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/labwiki-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/labwiki-xss-vuln.html" - }, - { - "name" : "18267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18267" - }, - { - "name" : "ADV-2006-2123", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2123" - }, - { - "name" : "25963", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25963" - }, - { - "name" : "20417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20417" - }, - { - "name" : "labwiki-recentchanges(26902)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26902" - } - ] - } -} 
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "18267",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/18267"
+ },
+ {
+ "name": "labwiki-recentchanges(26902)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26902"
+ },
+ {
+ "name": "http://pridels0.blogspot.com/2006/06/labwiki-xss-vuln.html",
+ "refsource": "MISC",
+ "url": "http://pridels0.blogspot.com/2006/06/labwiki-xss-vuln.html"
+ },
+ {
+ "name": "ADV-2006-2123",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/2123"
+ },
+ {
+ "name": "20417",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/20417"
+ },
+ {
+ "name": "25963",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/25963"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/3xxx/CVE-2006-3013.json b/2006/3xxx/CVE-2006-3013.json
index 59a6aa772a4..8baf810c7c9 100644
--- a/2006/3xxx/CVE-2006-3013.json
+++ b/2006/3xxx/CVE-2006-3013.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060615 Advisory: Unauthorized password recovery in phpBannerExchange", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437294/100/0/threaded" - }, - { - "name" : "20060615 Advisory: Unauthorized password recovery in phpBannerExchange", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046953.html" - }, - { - "name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt", - "refsource" : "MISC", - "url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt" - }, - { - "name" : "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php", - "refsource" : "CONFIRM", - "url" : "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php" - }, - { - "name" : "18448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18448" - }, - { - "name" : "ADV-2006-2358", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2358" - }, - { - "name" : "26509", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26509" - }, - { - "name" : "20687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20687" - }, - { - "name" : "phpbannerexchange-resetpw-info-disclosure(27193)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060615 Advisory: Unauthorized password recovery in phpBannerExchange", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046953.html" + }, + { + "name": "18448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18448" + }, + { + "name": "26509", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26509" + }, + { + "name": "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php", + "refsource": "CONFIRM", + "url": "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php" + }, + { + "name": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt", + "refsource": "MISC", + "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-005.txt" + }, + { + "name": "ADV-2006-2358", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2358" + }, + { + "name": "20060615 Advisory: Unauthorized password recovery in phpBannerExchange", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437294/100/0/threaded" + }, + { + "name": "phpbannerexchange-resetpw-info-disclosure(27193)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27193" + }, + { + "name": "20687", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/20687" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3040.json b/2006/3xxx/CVE-2006-3040.json index 2d9dd95b651..445b8e92ff6 100644 --- a/2006/3xxx/CVE-2006-3040.json +++ b/2006/3xxx/CVE-2006-3040.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in talkbox.php in Amr Talkbox allows remote attackers to execute arbitrary PHP code via a URL in the direct parameter. NOTE: this issue has been disputed by CVE, since the $direct variable is set to a static value just before the include statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060613 Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436993/100/0/threaded" - }, - { - "name" : "20060615 Re: Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437266/100/0/threaded" - }, - { - "name" : "27455", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27455" - }, - { - "name" : "1105", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1105" - }, - { - "name" : 
"amr-talkbox-file-include(27122)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in talkbox.php in Amr Talkbox allows remote attackers to execute arbitrary PHP code via a URL in the direct parameter. NOTE: this issue has been disputed by CVE, since the $direct variable is set to a static value just before the include statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060613 Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436993/100/0/threaded" + }, + { + "name": "20060615 Re: Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437266/100/0/threaded" + }, + { + "name": "amr-talkbox-file-include(27122)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27122" + }, + { + "name": "27455", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27455" + }, + { + "name": "1105", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1105" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3065.json b/2006/3xxx/CVE-2006-3065.json index ab1b10e43db..dbbfdc60ba0 100644 --- a/2006/3xxx/CVE-2006-3065.json +++ b/2006/3xxx/CVE-2006-3065.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060612 blur6ex <= 0.3.462 'ID' blind sql injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437015/100/0/threaded" - }, - { - "name" : "1904", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1904" - }, - { - "name" : "ADV-2006-2341", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2341" - }, - { - "name" : "20646", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20646" - }, - { - "name" : "1113", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1113" - }, - { - "name" : 
"blur6ex-blog-id-sql-injection(27120)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1113", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1113" + }, + { + "name": "ADV-2006-2341", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2341" + }, + { + "name": "blur6ex-blog-id-sql-injection(27120)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27120" + }, + { + "name": "1904", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1904" + }, + { + "name": "20060612 blur6ex <= 0.3.462 'ID' blind sql injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437015/100/0/threaded" + }, + { + "name": "20646", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20646" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3081.json b/2006/3xxx/CVE-2006-3081.json index 293f46b5806..6959dd1a3b7 100644 --- a/2006/3xxx/CVE-2006-3081.json +++ b/2006/3xxx/CVE-2006-3081.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060614 MySQL DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437145" - }, - { - "name" : "20060615 Re: MySQL DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437277" - }, - { - "name" : "20060615 Re: MySQL DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437571/100/0/threaded" - }, - { - "name" : "20060615 MySQL DoS", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2006/Jun/0434.html" - }, - { - "name" : "http://bugs.mysql.com/bug.php?id=15828", - "refsource" : "CONFIRM", - "url" : "http://bugs.mysql.com/bug.php?id=15828" - }, - { - "name" : 
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373913", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373913" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305214", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305214" - }, - { - "name" : "APPLE-SA-2007-03-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" - }, - { - "name" : "DSA-1112", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1112" - }, - { - "name" : "MDKSA-2006:111", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:111" - }, - { - "name" : "RHSA-2007:0083", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0083.html" - }, - { - "name" : "USN-306-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/306-1/" - }, - { - "name" : "TA06-208A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-208A.html" - }, - { - "name" : "TA07-072A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" - }, - { - "name" : "18439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18439" - }, - { - "name" : "oval:org.mitre.oval:def:9516", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9516" - }, - { - "name" : "ADV-2007-0930", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0930" - }, - { - "name" : "20832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20832" - }, - { - "name" : "19929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19929" - }, - { - "name" : "20871", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20871" - }, - { - "name" : "24479", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/24479" - }, - { - "name" : "mysql-select-dos(27212)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mysql-select-dos(27212)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27212" + }, + { + "name": "19929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19929" + }, + { + "name": "TA07-072A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" + }, + { + "name": "20060615 MySQL DoS", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2006/Jun/0434.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373913", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373913" + }, + { + "name": "TA06-208A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-208A.html" + }, + { + "name": "20832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20832" + }, + { + "name": "APPLE-SA-2007-03-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" + }, + { + "name": "20060614 MySQL DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437145" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305214", + "refsource": "CONFIRM", + 
"url": "http://docs.info.apple.com/article.html?artnum=305214" + }, + { + "name": "MDKSA-2006:111", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:111" + }, + { + "name": "20060615 Re: MySQL DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437277" + }, + { + "name": "DSA-1112", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1112" + }, + { + "name": "18439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18439" + }, + { + "name": "ADV-2007-0930", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0930" + }, + { + "name": "20871", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20871" + }, + { + "name": "RHSA-2007:0083", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0083.html" + }, + { + "name": "20060615 Re: MySQL DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437571/100/0/threaded" + }, + { + "name": "USN-306-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/306-1/" + }, + { + "name": "http://bugs.mysql.com/bug.php?id=15828", + "refsource": "CONFIRM", + "url": "http://bugs.mysql.com/bug.php?id=15828" + }, + { + "name": "24479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24479" + }, + { + "name": "oval:org.mitre.oval:def:9516", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9516" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6229.json b/2006/6xxx/CVE-2006-6229.json index 4e85cc02a7d..bb64809c702 100644 --- a/2006/6xxx/CVE-2006-6229.json +++ b/2006/6xxx/CVE-2006-6229.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ltwcalendar.sourceforge.net/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://ltwcalendar.sourceforge.net/changelog.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ltwcalendar.sourceforge.net/changelog.php", + "refsource": "CONFIRM", + "url": "http://ltwcalendar.sourceforge.net/changelog.php" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6364.json b/2006/6xxx/CVE-2006-6364.json index 5eb9cc45ba7..15edfc58b48 100644 --- a/2006/6xxx/CVE-2006-6364.json +++ b/2006/6xxx/CVE-2006-6364.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061202 [ISecAuditors Security Advisories] XSS vulnerability in error page of ISMail", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453420/100/0/threaded" - }, - { - "name" : "http://www.insidesystems.net/projects/project.php?projectid=4", - "refsource" : "CONFIRM", - "url" : "http://www.insidesystems.net/projects/project.php?projectid=4" - }, - { - "name" : "21424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21424" - }, - { - "name" : "ADV-2006-4848", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4848" - }, - { - "name" : "23229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23229" - }, - { - "name" : "1990", - 
"refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1990" - }, - { - "name" : "ismail-error-xss(30704)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.insidesystems.net/projects/project.php?projectid=4", + "refsource": "CONFIRM", + "url": "http://www.insidesystems.net/projects/project.php?projectid=4" + }, + { + "name": "1990", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1990" + }, + { + "name": "ismail-error-xss(30704)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30704" + }, + { + "name": "20061202 [ISecAuditors Security Advisories] XSS vulnerability in error page of ISMail", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453420/100/0/threaded" + }, + { + "name": "ADV-2006-4848", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4848" + }, + { + "name": "21424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21424" + }, + { + "name": "23229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23229" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6579.json b/2006/6xxx/CVE-2006-6579.json index 228bbe9be61..8a4b415050e 100644 --- a/2006/6xxx/CVE-2006-6579.json +++ b/2006/6xxx/CVE-2006-6579.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\\pchealth\\ERRORREP\\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061213 ASP Cmd Shell On IIS 5.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454268/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\\pchealth\\ERRORREP\\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061213 ASP Cmd Shell On IIS 5.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454268/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7076.json b/2006/7xxx/CVE-2006-7076.json index 9c77ca49355..621abd167ed 100644 --- a/2006/7xxx/CVE-2006-7076.json +++ b/2006/7xxx/CVE-2006-7076.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060722 [MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0381.html" - }, - { - "name" : "http://www.majorsecurity.de/advisory/major_rls25.txt", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/advisory/major_rls25.txt" - }, - { - "name" : "19905", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19905" - }, - { - "name" : "2323", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2323" - }, - { - "name" : "advancedguestbook-guestbook-xss(27907)", - "refsource" : "XF", - "url" 
: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27907" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2323", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2323" + }, + { + "name": "http://www.majorsecurity.de/advisory/major_rls25.txt", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/advisory/major_rls25.txt" + }, + { + "name": "20060722 [MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0381.html" + }, + { + "name": "advancedguestbook-guestbook-xss(27907)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27907" + }, + { + "name": "19905", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19905" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0085.json b/2011/0xxx/CVE-2011-0085.json index 39bf24bff31..0e4ba7df59c 100644 --- a/2011/0xxx/CVE-2011-0085.json +++ b/2011/0xxx/CVE-2011-0085.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-23.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-23.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=648100", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=648100" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100144854", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100144854" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100145333", - "refsource" : "CONFIRM", - "url" : 
"http://support.avaya.com/css/P8/documents/100145333" - }, - { - "name" : "DSA-2268", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2268" - }, - { - "name" : "DSA-2269", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2269" - }, - { - "name" : "DSA-2273", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2273" - }, - { - "name" : "MDVSA-2011:111", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111" - }, - { - "name" : "RHSA-2011:0885", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0885.html" - }, - { - "name" : "RHSA-2011:0886", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0886.html" - }, - { - "name" : "RHSA-2011:0887", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0887.html" - }, - { - "name" : "RHSA-2011:0888", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0888.html" - }, - { - "name" : "SUSE-SA:2011:028", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html" - }, - { - "name" : "USN-1149-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1149-1" - }, - { - "name" : "oval:org.mitre.oval:def:14432", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14432" - }, - { - "name" : "45002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code 
via a crafted XUL document that dequeues the current command updater." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:111", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:111" + }, + { + "name": "45002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45002" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100145333", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100145333" + }, + { + "name": "USN-1149-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1149-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=648100", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=648100" + }, + { + "name": "oval:org.mitre.oval:def:14432", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14432" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100144854", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100144854" + }, + { + "name": "RHSA-2011:0887", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0887.html" + }, + { + "name": "RHSA-2011:0885", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0885.html" + }, + { + "name": "DSA-2268", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2268" + }, + { + "name": "RHSA-2011:0888", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0888.html" + }, + { + "name": "DSA-2269", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2269" + }, + { + "name": "SUSE-SA:2011:028", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html" + }, + { + "name": "RHSA-2011:0886", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0886.html" + }, + { + "name": "DSA-2273", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2273" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-23.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-23.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0098.json b/2011/0xxx/CVE-2011-0098.json index c4a6f1d9152..4b03d7d64fd 100644 --- a/2011/0xxx/CVE-2011-0098.json +++ b/2011/0xxx/CVE-2011-0098.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka \"Excel Heap Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2011-32/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2011-32/" - }, - { - "name" : "MS11-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47235", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47235" - }, - { - "name" : 
"71759", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71759" - }, - { - "name" : "oval:org.mitre.oval:def:12034", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034" - }, - { - "name" : "1025337", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025337" - }, - { - "name" : "39122", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39122" - }, - { - "name" : "ADV-2011-0940", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka \"Excel Heap Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "39122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39122" + }, + { + "name": "71759", + "refsource": "OSVDB", + "url": "http://osvdb.org/71759" + }, + { + "name": "oval:org.mitre.oval:def:12034", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12034" + }, + { + "name": "1025337", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025337" + }, + { + "name": "47235", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/47235" + }, + { + "name": "http://secunia.com/secunia_research/2011-32/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2011-32/" + }, + { + "name": "MS11-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021" + }, + { + "name": "ADV-2011-0940", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0940" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0402.json b/2011/0xxx/CVE-2011-0402.json index 204e4422e30..8ad5aaa359e 100644 --- a/2011/0xxx/CVE-2011-0402.json +++ b/2011/0xxx/CVE-2011-0402.json 
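Review bot: In the CVE-2011-0098 hunk, `"ASSIGNER"` changes from `cve@mitre.org` to `secure@microsoft.com`. As far as the visible lines show, it is the only value in this record whose content differs. Everything else is colon spacing, indentation and a reordered `reference_data` array holding the same nine entries. Because the whole file is rewritten and the subject is only "-Synchronized-Data.", a reviewer or a consumer keyed on assigner attribution can easily miss the reassignment; the description should name it, for example `CVE-2011-0098: ASSIGNER reassigned to secure@microsoft.com`. Emitting `reference_data` in a stable order (for instance sorted by `refsource`, then `name`) would also keep later synchronisation diffs down to real content changes.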
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-2142", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2142" - }, - { - "name" : "FEDORA-2011-0345", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html" - }, - { - "name" : "FEDORA-2011-0362", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html" - }, - { - "name" : "USN-1038-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1038-1" - }, - { - "name" : "45703", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45703" - }, - { - "name" : "70367", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70367" - }, - { - "name" : "42826", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42826" - }, - { - "name" : "42831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42831" - }, - { - "name" : "43054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43054" - }, - { - "name" : "ADV-2011-0040", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0040" - }, - { - "name" : "ADV-2011-0044", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0044" - }, - { - "name" : "ADV-2011-0196", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0196" - }, - { - "name" : "dpkg-dpkgsource-symlink(64614)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42831" + }, + { + "name": "FEDORA-2011-0345", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html" + }, + { + "name": "dpkg-dpkgsource-symlink(64614)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64614" + }, + { + "name": "42826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42826" + }, + { + "name": "FEDORA-2011-0362", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html" + }, + { + "name": "USN-1038-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1038-1" + }, + { + "name": "70367", + "refsource": "OSVDB", + "url": "http://osvdb.org/70367" + }, + { + "name": "ADV-2011-0040", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0040" + }, + { + "name": "45703", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45703" + }, + { + "name": "DSA-2142", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2142" + }, + { + "name": "43054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43054" + }, + { + "name": "ADV-2011-0044", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0044" + }, + { + "name": "ADV-2011-0196", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0196" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0555.json b/2011/0xxx/CVE-2011-0555.json index 5f754475ccf..3552b1b4604 100644 --- a/2011/0xxx/CVE-2011-0555.json +++ b/2011/0xxx/CVE-2011-0555.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a Director file with a crafted DEMX RIFF chunk that triggers incorrect buffer allocation, a different vulnerability than CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110209 TPTI-11-02: Adobe Shockwave TextXtra Invalid Seek Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516333/100/0/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-11-02", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-11-02" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-01.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.adobe.com/support/security/bulletins/apsb11-01.html" - }, - { - "name" : "46327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46327" - }, - { - "name" : "1025056", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025056" - }, - { - "name" : "ADV-2011-0335", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0335" - }, - { - "name" : "shockwave-memory-code-execution(65257)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a Director file with a crafted DEMX RIFF chunk that triggers incorrect buffer allocation, a different vulnerability than CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110209 TPTI-11-02: Adobe Shockwave TextXtra Invalid Seek Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516333/100/0/threaded" + }, + { + "name": "shockwave-memory-code-execution(65257)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65257" + }, + { + "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-02", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-11-02" + }, + { + "name": "ADV-2011-0335", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0335" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-01.html" + }, + { + "name": "46327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46327" + }, + { + "name": "1025056", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025056" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0941.json b/2011/0xxx/CVE-2011-0941.json index 5c32c976702..491517d8439 100644 --- a/2011/0xxx/CVE-2011-0941.json +++ b/2011/0xxx/CVE-2011-0941.json 
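Review bot: The `ASSIGNER` value in this record changes from `cve@mitre.org` to `psirt@adobe.com`, but the change sits inside a hunk that otherwise only rewrites the `"key" : ` spacing and reorders `reference_data`, and the commit subject does not mention it. Downstream consumers may key trust or routing decisions on this provenance field, so it should be reviewable on its own: land the spacing and ordering normalisation in one commit and the `ASSIGNER` updates in another, or at least list the affected IDs in the commit message. The same applies to the CVE-2011-0941 hunk (`psirt@cisco.com`) and the CVE-2011-3205 hunk (`secalert@redhat.com`). Keeping `reference_data` in a stable order would also stop unchanged references from showing up as removed and re-added.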
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory consumption and process failure or device reload) via a malformed SIP message, aka Bug IDs CSCti75128 and CSCtj09179." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24525", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=24525" - }, - { - "name" : "20110928 Cisco Unified Communications Manager Memory Leak Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory consumption and process failure or device reload) via a malformed SIP message, aka Bug IDs CSCti75128 and CSCtj09179." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24525", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24525" + }, + { + "name": "20110928 Cisco Unified Communications Manager Memory Leak Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1349.json b/2011/1xxx/CVE-2011-1349.json index acb80306f0a..fe5c40a3189 100644 --- a/2011/1xxx/CVE-2011-1349.json +++ b/2011/1xxx/CVE-2011-1349.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1349", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1349", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3205.json b/2011/3xxx/CVE-2011-3205.json index 9c1bc35555c..96dd55e93d9 100644 --- a/2011/3xxx/CVE-2011-3205.json +++ b/2011/3xxx/CVE-2011-3205.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110829 CVE-request(?): squid: buffer overflow in Gopher reply parser", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/08/29/2" - }, - { - "name" : "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/08/30/4" - }, - { - "name" : "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser", - "refsource" : "MLIST", - "url" 
: "http://openwall.com/lists/oss-security/2011/08/30/8" - }, - { - "name" : "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt" - }, - { - "name" : "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch" - }, - { - "name" : "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch" - }, - { - "name" : "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch" - }, - { - "name" : "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=734583", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=734583" - }, - { - "name" : "DSA-2304", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2304" - }, - { - "name" : "FEDORA-2011-11854", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html" - }, - { - "name" : "MDVSA-2011:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:150" - }, - { - "name" : "RHSA-2011:1293", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1293.html" - }, - { - "name" : "SUSE-SU-2011:1019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html" - }, - { - "name" : "openSUSE-SU-2011:1018", - "refsource" : 
"SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html" - }, - { - "name" : "SUSE-SU-2016:1996", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html" - }, - { - "name" : "SUSE-SU-2016:2089", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html" - }, - { - "name" : "49356", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49356" - }, - { - "name" : "74847", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/74847" - }, - { - "name" : "1025981", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025981" - }, - { - "name" : "45805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45805" - }, - { - "name" : "45906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45906" - }, - { - "name" : "45920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45920" - }, - { - "name" : "45965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45965" - }, - { - "name" : "46029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:1293", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1293.html" + }, + { + "name": "46029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46029" + }, + { + "name": "45906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45906" + }, + { + "name": "FEDORA-2011-11854", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html" + }, + { + "name": "SUSE-SU-2016:1996", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html" + }, + { + "name": "SUSE-SU-2011:1019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html" + }, + { + "name": "1025981", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025981" + }, + { + "name": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch" + }, + { + "name": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch" + }, + { + "name": "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch" + }, + { + "name": "45965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45965" + }, + { + "name": "45805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45805" + }, + { + "name": "DSA-2304", + "refsource": "DEBIAN", + "url": 
"http://www.debian.org/security/2011/dsa-2304" + }, + { + "name": "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/08/30/8" + }, + { + "name": "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt" + }, + { + "name": "openSUSE-SU-2011:1018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html" + }, + { + "name": "[oss-security] 20110829 CVE-request(?): squid: buffer overflow in Gopher reply parser", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/08/29/2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=734583", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=734583" + }, + { + "name": "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/08/30/4" + }, + { + "name": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch" + }, + { + "name": "SUSE-SU-2016:2089", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html" + }, + { + "name": "49356", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49356" + }, + { + "name": "74847", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/74847" + }, + { + "name": "45920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45920" + }, + { + "name": "MDVSA-2011:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:150" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/4xxx/CVE-2011-4145.json b/2011/4xxx/CVE-2011-4145.json index 8cfc93562c3..64ec766dc5f 100644 --- a/2011/4xxx/CVE-2011-4145.json +++ b/2011/4xxx/CVE-2011-4145.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4145", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4145", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4152.json b/2011/4xxx/CVE-2011-4152.json index 9bd04324723..a96901214bc 100644 --- a/2011/4xxx/CVE-2011-4152.json +++ b/2011/4xxx/CVE-2011-4152.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4152", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4152", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4193.json b/2011/4xxx/CVE-2011-4193.json index 34fae6827d3..a9892879088 100644 --- a/2011/4xxx/CVE-2011-4193.json +++ b/2011/4xxx/CVE-2011-4193.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SU-2011:1324", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00015.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2011:1324", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00015.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4441.json b/2011/4xxx/CVE-2011-4441.json index 5a1942e4040..bd2e7779ca4 100644 --- a/2011/4xxx/CVE-2011-4441.json +++ b/2011/4xxx/CVE-2011-4441.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4441", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4441", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4481.json b/2011/4xxx/CVE-2011-4481.json index 6f84ba411e5..473aec65d7c 100644 --- a/2011/4xxx/CVE-2011-4481.json +++ b/2011/4xxx/CVE-2011-4481.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4481", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4481", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4891.json b/2011/4xxx/CVE-2011-4891.json index 40c50471371..716f2f9fb1a 100644 --- a/2011/4xxx/CVE-2011-4891.json +++ b/2011/4xxx/CVE-2011-4891.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4891", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4891", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5346.json b/2013/5xxx/CVE-2013-5346.json index 82c77c09b40..45fd6bd4064 100644 --- a/2013/5xxx/CVE-2013-5346.json +++ b/2013/5xxx/CVE-2013-5346.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5346", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5346", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5351.json b/2013/5xxx/CVE-2013-5351.json index fa9fa451418..b349e398072 100644 --- a/2013/5xxx/CVE-2013-5351.json +++ b/2013/5xxx/CVE-2013-5351.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-5351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2013-13/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2013-13/" - }, - { - "name" : "http://www.irfanview.com/main_history.htm", - "refsource" : "CONFIRM", - "url" : "http://www.irfanview.com/main_history.htm" - }, - { - "name" : "64388", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64388" - }, - { - "name" : "101065", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101065" - }, - { - "name" : "54959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54959" - }, - { - "name" : "irfanview-cve20135351-bo(89808)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89808" - }, - { - "name" : 
"irfanview-cve20135351-gif-bo(89820)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64388", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64388" + }, + { + "name": "irfanview-cve20135351-gif-bo(89820)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89820" + }, + { + "name": "irfanview-cve20135351-bo(89808)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89808" + }, + { + "name": "54959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54959" + }, + { + "name": "http://www.irfanview.com/main_history.htm", + "refsource": "CONFIRM", + "url": "http://www.irfanview.com/main_history.htm" + }, + { + "name": "http://secunia.com/secunia_research/2013-13/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2013-13/" + }, + { + "name": "101065", + "refsource": "OSVDB", + "url": "http://osvdb.org/101065" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5372.json b/2013/5xxx/CVE-2013-5372.json index f94d9b259e1..c36a1fc27a1 100644 --- a/2013/5xxx/CVE-2013-5372.json +++ b/2013/5xxx/CVE-2013-5372.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21653087", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21653087" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655202", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655202" - }, - { - "name" : "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013", - 
"refsource" : "CONFIRM", - "url" : "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013" - }, - { - "name" : "IC96473", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473" - }, - { - "name" : "RHSA-2013:1507", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1507.html" - }, - { - "name" : "RHSA-2013:1508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1508.html" - }, - { - "name" : "RHSA-2013:1509", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1509.html" - }, - { - "name" : "RHSA-2013:1793", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1793.html" - }, - { - "name" : "SUSE-SU-2013:1677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" - }, - { - "name" : "56338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56338" - }, - { - "name" : "ibm-xml4j-cve20135372-dos(86662)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IC96473", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655202", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655202" + }, + { + "name": "RHSA-2013:1508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html" + }, + { + "name": "SUSE-SU-2013:1677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" + }, + { + "name": "ibm-xml4j-cve20135372-dos(86662)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86662" + }, + { + "name": "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21653087", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653087" + }, + { + "name": "RHSA-2013:1793", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html" + }, + { + "name": "RHSA-2013:1509", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1509.html" + }, + { + "name": "RHSA-2013:1507", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html" + }, + { + "name": "56338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56338" + } + ] + } +} \ No newline at end of file 
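Review bot: The only semantic change in this hunk is `"ASSIGNER": "psirt@us.ibm.com"` replacing `cve@mitre.org`, and it is easy to miss because the same hunk rewrites every line for spacing and reshuffles `reference_data`. ASSIGNER identifies who assigned the ID, so a reassignment deserves a mention in the commit message (which reads only "-Synchronized-Data.") or a commit separate from the formatting pass. Keeping the reference entries in their previous order would also let a reviewer confirm that none were added or dropped. The same applies to the ASSIGNER changes in the CVE-2013-5351, CVE-2013-5858, CVE-2014-2947, CVE-2014-6581 and CVE-2014-6735 hunks.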
diff --git a/2013/5xxx/CVE-2013-5750.json b/2013/5xxx/CVE-2013-5750.json
index 3640db48e99..0bc2f3ad23d 100644
--- a/2013/5xxx/CVE-2013-5750.json
+++ b/2013/5xxx/CVE-2013-5750.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5750", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form", - "refsource" : "CONFIRM", - "url" : "http://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form", + "refsource": "CONFIRM", + "url": "http://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5858.json b/2013/5xxx/CVE-2013-5858.json index 3c5e676c03b..ba07cf637f7 100644 --- a/2013/5xxx/CVE-2013-5858.json +++ b/2013/5xxx/CVE-2013-5858.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2015-0370." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "SUSE-SU-2014:0130", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00007.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64820" - }, - { - "name" : "102082", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102082" - }, - { - "name" : "1029607", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029607" - }, - { - "name" : "56452", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2015-0370." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029607", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029607" + }, + { + "name": "64820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64820" + }, + { + "name": "102082", + "refsource": "OSVDB", + "url": "http://osvdb.org/102082" + }, + { + "name": "56452", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56452" + }, + { + "name": "SUSE-SU-2014:0130", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00007.html" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5938.json b/2013/5xxx/CVE-2013-5938.json index 488ce43a29a..ad4c6e10bdb 100644 --- a/2013/5xxx/CVE-2013-5938.json +++ b/2013/5xxx/CVE-2013-5938.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130911 [Security-news] SA-CONTRIB-2013-075 - Click2Sell - Multiple Vulnerabilities (XSS and CSRF)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Sep/64" - }, - { - "name" : "[oss-security] 20131021 RE: Re: CVE duplicates SA-CONTRIB-2013-075", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/10/21/5" - }, - { - "name" : "https://drupal.org/node/2087055", - "refsource" : "MISC", - "url" : "https://drupal.org/node/2087055" - }, - { - "name" : "97204", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97204" - }, - { - "name" : "drupal-click2sell-confirmation-xss(87050)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87050" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "drupal-click2sell-confirmation-xss(87050)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87050" + }, + { + "name": "[oss-security] 20131021 RE: Re: CVE duplicates SA-CONTRIB-2013-075", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/10/21/5" + }, + { + "name": "20130911 [Security-news] SA-CONTRIB-2013-075 - Click2Sell - Multiple Vulnerabilities (XSS and CSRF)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Sep/64" + }, + { + "name": "97204", + "refsource": "OSVDB", + "url": "http://osvdb.org/97204" + }, + { + "name": "https://drupal.org/node/2087055", + "refsource": "MISC", + "url": "https://drupal.org/node/2087055" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2226.json b/2014/2xxx/CVE-2014-2226.json index 5b6d0d5f2ef..cda04ddcbcc 100644 --- a/2014/2xxx/CVE-2014-2226.json +++ b/2014/2xxx/CVE-2014-2226.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140724 CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jul/127" - }, - { - "name" : "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html" - }, - { - "name" : "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html", - "refsource" : "MISC", - "url" : "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html" - }, - { - "name" : "68869", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/68869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68869", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68869" + }, + { + "name": "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html" + }, + { + "name": "20140724 CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jul/127" + }, + { + "name": "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html", + "refsource": "MISC", + "url": "http://sethsec.blogspot.com/2014/07/cve-2014-2226.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2947.json b/2014/2xxx/CVE-2014-2947.json index 80115ce0c4c..854e2738bc5 100644 --- a/2014/2xxx/CVE-2014-2947.json +++ b/2014/2xxx/CVE-2014-2947.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-2947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#112412", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/112412" - }, - { - "name" : "67591", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#112412", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/112412" + }, + { + "name": "67591", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67591" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2991.json b/2014/2xxx/CVE-2014-2991.json index ba3ee68a8ac..914fb01c7a6 100644 --- a/2014/2xxx/CVE-2014-2991.json +++ b/2014/2xxx/CVE-2014-2991.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2991", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2991", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6581.json b/2014/6xxx/CVE-2014-6581.json index d855a7b4e4a..fe69e54b59b 100644 --- a/2014/6xxx/CVE-2014-6581.json +++ b/2014/6xxx/CVE-2014-6581.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Extract/Load Programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "1031579", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 
12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Extract/Load Programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "1031579", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031579" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6735.json b/2014/6xxx/CVE-2014-6735.json index 6df199b70f7..bf60eff65cc 100644 --- a/2014/6xxx/CVE-2014-6735.json +++ b/2014/6xxx/CVE-2014-6735.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The imagine Next bmobile (aka com.conduit.app_51c3c19581af465092327dd25591b224.app) application 1.7.10.243 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#586897", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/586897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
imagine Next bmobile (aka com.conduit.app_51c3c19581af465092327dd25591b224.app) application 1.7.10.243 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#586897", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/586897" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7011.json b/2014/7xxx/CVE-2014-7011.json index 7f951b9ddd7..146e7018cd1 100644 --- a/2014/7xxx/CVE-2014-7011.json +++ b/2014/7xxx/CVE-2014-7011.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NWTC Mobile (aka com.dub.app.nwtc) application 1.4.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#370945", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/370945" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NWTC Mobile (aka com.dub.app.nwtc) application 
1.4.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#370945", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/370945" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7732.json b/2014/7xxx/CVE-2014-7732.json index bcf4912d909..37be1d4bebb 100644 --- a/2014/7xxx/CVE-2014-7732.json +++ b/2014/7xxx/CVE-2014-7732.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7732", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7732", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0049.json b/2017/0xxx/CVE-2017-0049.json index ea76c4adbea..0d8ba5ad000 100644 --- a/2017/0xxx/CVE-2017-0049.json +++ b/2017/0xxx/CVE-2017-0049.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "The VBScript engine in Microsoft Internet Explorer 11" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Scripting Engine Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0018, and CVE-2017-0037." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "The VBScript engine in Microsoft Internet Explorer 11" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0049", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0049" - }, - { - "name" : "96095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96095" - }, - { - "name" : "1038008", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038008" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Scripting Engine Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0018, and CVE-2017-0037." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0049", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0049" + }, + { + "name": "1038008", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038008" + }, + { + "name": "96095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96095" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0070.json b/2017/0xxx/CVE-2017-0070.json index 0363b9baa44..0ae19e67147 100644 --- a/2017/0xxx/CVE-2017-0070.json +++ b/2017/0xxx/CVE-2017-0070.json 
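Review bot: The `problemtype` value `"Remote Code Execution"` in the CVE-2017-0049 record contradicts its own description, which says the flaw lets remote attackers obtain sensitive information from process memory and names it a "Scripting Engine Information Disclosure Vulnerability". The commit carries the value over unchanged while reformatting the file, so any tooling that triages or prioritises by `problemtype` will treat this entry as code execution. I would change the line to `"value": "Information Disclosure"`, assuming the description is the authoritative side; if the vendor advisory says otherwise, the description is what needs correcting.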
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Browser", - "version" : { - "version_data" : [ - { - "version_value" : "Browser" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Browser", + "version": { + "version_data": [ + { + "version_value": "Browser" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41623", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41623/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0070", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0070" - }, - { - "name" : "96690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96690" - }, - { - "name" : "1038006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96690" + }, + { + "name": "41623", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41623/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0070", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0070" + }, + { + "name": "1038006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038006" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0108.json b/2017/0xxx/CVE-2017-0108.json index b567ab5eabc..c1dd4019394 100644 --- a/2017/0xxx/CVE-2017-0108.json +++ b/2017/0xxx/CVE-2017-0108.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Graphics Component", - "version" : { - "version_data" : [ - { - "version_value" : "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0014." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Graphics Component", + "version": { + "version_data": [ + { + "version_value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41647", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41647/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108" - }, - { - "name" : "96722", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96722" - }, - { - "name" : "1038002", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that described in 
CVE-2017-0014." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96722", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96722" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108" + }, + { + "name": "1038002", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038002" + }, + { + "name": "41647", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41647/" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0129.json b/2017/0xxx/CVE-2017-0129.json index 50ddb815d56..c3a268297b6 100644 --- a/2017/0xxx/CVE-2017-0129.json +++ b/2017/0xxx/CVE-2017-0129.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Lync for Mac", - "version" : { - "version_data" : [ - { - "version_value" : "Lync for Mac 2011" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka \"Microsoft Lync for Mac Certificate Validation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Lync for Mac", + "version": { + "version_data": [ + { + "version_value": "Lync for Mac 2011" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0129", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0129" - }, - { - "name" : "96752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96752" - }, - { - "name" : "1038020", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Lync 
for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka \"Microsoft Lync for Mac Certificate Validation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038020", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038020" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0129", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0129" + }, + { + "name": "96752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96752" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0992.json b/2017/0xxx/CVE-2017-0992.json index b0d63f72c71..ea00c0308bc 100644 --- a/2017/0xxx/CVE-2017-0992.json +++ b/2017/0xxx/CVE-2017-0992.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0992", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0992", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000035.json b/2017/1000xxx/CVE-2017-1000035.json index 7953b641415..4989e1cbe08 100644 --- a/2017/1000xxx/CVE-2017-1000035.json +++ b/2017/1000xxx/CVE-2017-1000035.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.284361", - "ID" : "CVE-2017-1000035", - "REQUESTER" : "dereks@lifeofadishwasher.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tiny Tiny RSS", - "version" : { - "version_data" : [ - { - "version_value" : "Before 829d478f" - } - ] - } - } - ] - }, - "vendor_name" : "Tiny Tiny RSS" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.284361", + "ID": "CVE-2017-1000035", + "REQUESTER": "dereks@lifeofadishwasher.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://git.tt-rss.org/git/tt-rss/commit/829d478f1b054c8ce1eeb4f15170dc4a1abb3e47", - "refsource" : "CONFIRM", - "url" : "https://git.tt-rss.org/git/tt-rss/commit/829d478f1b054c8ce1eeb4f15170dc4a1abb3e47" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + 
] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.tt-rss.org/git/tt-rss/commit/829d478f1b054c8ce1eeb4f15170dc4a1abb3e47", + "refsource": "CONFIRM", + "url": "https://git.tt-rss.org/git/tt-rss/commit/829d478f1b054c8ce1eeb4f15170dc4a1abb3e47" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000045.json b/2017/1000xxx/CVE-2017-1000045.json index d6e3574b62d..3f9796a532a 100644 --- a/2017/1000xxx/CVE-2017-1000045.json +++ b/2017/1000xxx/CVE-2017-1000045.json @@ -1,21 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.293405", - "ID" : "CVE-2017-1000045", - "REQUESTER" : "florent.daigniere@trustmatta.com", - "STATE" : "REJECT", - "STATE_DETAIL" : "BAD_REF_URL" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1000045", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000113.json b/2017/1000xxx/CVE-2017-1000113.json index fc06f9423d0..01bc45b74f2 100644 --- a/2017/1000xxx/CVE-2017-1000113.json +++ b/2017/1000xxx/CVE-2017-1000113.json 
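Review bot: The new side of the CVE-2017-1000035 record replaces the populated `affects` block (`"product_name": "Tiny Tiny RSS"`, `"version_value": "Before 829d478f"`) and the `problemtype` value `"Cross Site Scripting (XSS)"` with `"n/a"`, so the structured fields no longer carry what the free-text description still states. Consumers that match on vendor, product or version rather than parsing the description will stop matching this entry against their inventory. The CVE-2017-1000113 hunk has the same loss: `"Jenkins Deploy to container Plugin"`, `"1.12 and earlier"` and `"Missing Encryption of Sensitive Data"` all become `"n/a"`. Unless the sync is meant to discard them, I would keep the old values on the new side, e.g. `"product_name": "Tiny Tiny RSS"` and `"value": "Cross Site Scripting (XSS)"`. Both hunks also change `ASSIGNER` from `cve-assign@distributedweaknessfiling.org` to `cve@mitre.org`, which looks deliberate but is worth confirming because it changes the recorded provenance of the assignment.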
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.326025", - "ID" : "CVE-2017-1000113", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Deploy to container Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.12 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Deploy to container Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Missing Encryption of Sensitive Data" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.326025", + "ID": "CVE-2017-1000113", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-08-07/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-08-07/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-08-07/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-08-07/" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18336.json b/2017/18xxx/CVE-2017-18336.json index f7ef52b994e..eee36def5a5 100644 --- a/2017/18xxx/CVE-2017-18336.json +++ b/2017/18xxx/CVE-2017-18336.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18336", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18336", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1125.json b/2017/1xxx/CVE-2017-1125.json index 9435cd336c8..9b0b68c0386 100644 --- a/2017/1xxx/CVE-2017-1125.json +++ b/2017/1xxx/CVE-2017-1125.json 
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cognos Business Intelligence", - "version" : { - "version_data" : [ - { - "version_value" : "10.1.1" - }, - { - "version_value" : "10.2" - }, - { - "version_value" : "10.2.1" - }, - { - "version_value" : "10.2.1.1" - }, - { - "version_value" : "10.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cognos Business Intelligence", + "version": { + "version_data": [ + { + "version_value": "10.1.1" + }, + { + "version_value": "10.2" + }, + { + "version_value": "10.2.1" + }, + { + "version_value": "10.2.1.1" + }, + { + "version_value": "10.2.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121340", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121340" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22004036", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22004036" - }, - { - "name" : "98945", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/98945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22004036", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22004036" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121340", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/121340" + }, + { + "name": "98945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98945" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1169.json b/2017/1xxx/CVE-2017-1169.json index 6107bb72818..61424b3031c 100644 --- a/2017/1xxx/CVE-2017-1169.json +++ b/2017/1xxx/CVE-2017-1169.json 
@@ -1,118 +1,118 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-10-20T00:00:00", - "ID" : "CVE-2017-1169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "4.0" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-10-20T00:00:00", + "ID": "CVE-2017-1169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "4.0" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123188", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123188" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22009296", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22009296" - }, - { - "name" : "101593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123188", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123188" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22009296", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296" + }, + { + "name": "101593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101593" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1751.json b/2017/1xxx/CVE-2017-1751.json index 18dda3fa9c8..bfd8df8e78e 100644 --- a/2017/1xxx/CVE-2017-1751.json +++ b/2017/1xxx/CVE-2017-1751.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-12-15T00:00:00", - "ID" : "CVE-2017-1751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Robotic Process Automation with Automation Anywhere", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-12-15T00:00:00", + "ID": "CVE-2017-1751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Robotic Process Automation with Automation Anywhere", + "version": { + "version_data": [ + { + "version_value": "10.0.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/135546", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/135546" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22011185", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22011185" - }, - { - "name" : "102217", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/102217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22011185", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22011185" + }, + { + "name": "102217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102217" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135546", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135546" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1906.json b/2017/1xxx/CVE-2017-1906.json index 73198f4c14c..0b6b01967e4 100644 --- a/2017/1xxx/CVE-2017-1906.json +++ b/2017/1xxx/CVE-2017-1906.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1906", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1906", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4364.json b/2017/4xxx/CVE-2017-4364.json index d4dcb08d361..a3b36420d55 100644 --- a/2017/4xxx/CVE-2017-4364.json +++ b/2017/4xxx/CVE-2017-4364.json 
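Review bot: The new side of this record is serialised with a different key order from the other records in this commit: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas the neighbouring files emit their keys alphabetically. The CVE-2017-4364 hunk that follows has the same layout. Key order carries no meaning in JSON, so nothing breaks, but mixed layouts in a bulk sync make a genuine content change harder to spot among the formatting churn. I would run every record through one serialiser with sorted keys and a trailing newline, since each new file here ends with `\ No newline at end of file`.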
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4364", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4364", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5249.json b/2017/5xxx/CVE-2017-5249.json index 1142f589664..a6b13c4f14e 100644 --- a/2017/5xxx/CVE-2017-5249.json +++ b/2017/5xxx/CVE-2017-5249.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2017-5249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Wink - Smart Home", - "version" : { - "version_data" : [ - { - "version_value" : "6.1.0.19 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Wink Labs Inc" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-922 (Insecure Storage of Sensitive Information)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2017-5249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Wink - Smart Home", + "version": { + "version_data": [ + { + "version_value": "6.1.0.19 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Wink Labs Inc" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/", - "refsource" : "MISC", - "url" : "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-922 (Insecure Storage of Sensitive Information)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5617.json b/2017/5xxx/CVE-2017-5617.json index 9f5be46926c..feb55de246e 100644 --- a/2017/5xxx/CVE-2017-5617.json +++ b/2017/5xxx/CVE-2017-5617.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170127 SSRF issue in the svgsalamander library", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/27/3" - }, - { - "name" : "[oss-security] 20170129 Re: SSRF issue in the svgsalamander library", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/29/2" - }, - { - "name" : "https://github.com/blackears/svgSalamander/issues/11", - "refsource" : "CONFIRM", - "url" : "https://github.com/blackears/svgSalamander/issues/11" - }, - { - "name" : "DSA-3781", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3781" - }, - { - "name" : "95871", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/95871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170129 Re: SSRF issue in the svgsalamander library", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/29/2" + }, + { + "name": "95871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95871" + }, + { + "name": "DSA-3781", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3781" + }, + { + "name": "[oss-security] 20170127 SSRF issue in the svgsalamander library", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/27/3" + }, + { + "name": "https://github.com/blackears/svgSalamander/issues/11", + "refsource": "CONFIRM", + "url": "https://github.com/blackears/svgSalamander/issues/11" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5878.json b/2017/5xxx/CVE-2017-5878.json index 0d868e5f561..4fe4598944e 100644 --- a/2017/5xxx/CVE-2017-5878.json +++ b/2017/5xxx/CVE-2017-5878.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170522 Code Execution through a variety Java (Un-)Marshallers", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/05/22/2" - }, - { - "name" : "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", - "refsource" : "MISC", - "url" : "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote 
attackers to execute arbitrary code via crafted serialized Java data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", + "refsource": "MISC", + "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true" + }, + { + "name": "[oss-security] 20170522 Code Execution through a variety Java (Un-)Marshallers", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/05/22/2" + } + ] + } +} \ No newline at end of file
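Review bot: The structured fields of this record remain `n/a` on the new side (`product_name`, `version_value`, `vendor_name` and the `problemtype` value), although the description names Red5 Media Server before 1.0.8 and unrestricted deserialization. Consumers that match on `affects` rather than on free text will not associate the record with the product, and the fixed-version boundary exists only in prose. The CVE-2017-5617 hunk above has the same gap for svgSalamander. I would populate the fields after confirming against the cited references, for example `"product_name": "Red5 Media Server"`, `"version_value": "before 1.0.8"` and a problemtype value of `"CWE-502"`.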