From 6bb090612f09f738e7a679f0b2d719472e6dbe29 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:35:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/2xxx/CVE-2006-2294.json | 170 ++++++------- 2006/3xxx/CVE-2006-3185.json | 180 ++++++------- 2006/3xxx/CVE-2006-3507.json | 170 ++++++------- 2006/3xxx/CVE-2006-3524.json | 210 ++++++++-------- 2006/3xxx/CVE-2006-3562.json | 160 ++++++------ 2006/6xxx/CVE-2006-6243.json | 170 ++++++------- 2006/6xxx/CVE-2006-6712.json | 170 ++++++------- 2006/6xxx/CVE-2006-6748.json | 120 ++++----- 2006/6xxx/CVE-2006-6792.json | 150 +++++------ 2006/6xxx/CVE-2006-6809.json | 150 +++++------ 2006/6xxx/CVE-2006-6971.json | 130 +++++----- 2011/0xxx/CVE-2011-0008.json | 190 +++++++------- 2011/0xxx/CVE-2011-0654.json | 250 +++++++++---------- 2011/0xxx/CVE-2011-0805.json | 120 ++++----- 2011/0xxx/CVE-2011-0845.json | 140 +++++------ 2011/0xxx/CVE-2011-0935.json | 140 +++++------ 2011/1xxx/CVE-2011-1111.json | 160 ++++++------ 2011/1xxx/CVE-2011-1623.json | 160 ++++++------ 2011/1xxx/CVE-2011-1695.json | 34 +-- 2011/3xxx/CVE-2011-3249.json | 150 +++++------ 2011/3xxx/CVE-2011-3445.json | 34 +-- 2011/4xxx/CVE-2011-4122.json | 200 +++++++-------- 2011/4xxx/CVE-2011-4783.json | 160 ++++++------ 2011/4xxx/CVE-2011-4848.json | 130 +++++----- 2013/5xxx/CVE-2013-5890.json | 170 ++++++------- 2014/2xxx/CVE-2014-2005.json | 150 +++++------ 2014/2xxx/CVE-2014-2483.json | 260 +++++++++---------- 2014/2xxx/CVE-2014-2797.json | 150 +++++------ 2014/2xxx/CVE-2014-2813.json | 150 +++++------ 2014/6xxx/CVE-2014-6121.json | 140 +++++------ 2014/6xxx/CVE-2014-6564.json | 140 +++++------ 2014/6xxx/CVE-2014-6582.json | 130 +++++----- 2014/6xxx/CVE-2014-6595.json | 140 +++++------ 2014/6xxx/CVE-2014-6743.json | 140 +++++------ 2014/6xxx/CVE-2014-6787.json | 140 +++++------ 2014/7xxx/CVE-2014-7075.json | 140 +++++------ 2014/7xxx/CVE-2014-7245.json | 34 +-- 2014/7xxx/CVE-2014-7328.json | 140 +++++------ 2014/7xxx/CVE-2014-7652.json | 140 +++++------ 2017/0xxx/CVE-2017-0168.json | 140 +++++------ 2017/0xxx/CVE-2017-0512.json | 34 +-- 2017/0xxx/CVE-2017-0664.json | 132 +++++----- 2017/0xxx/CVE-2017-0887.json | 130 +++++----- 2017/0xxx/CVE-2017-0931.json | 132 +++++----- 2017/1000xxx/CVE-2017-1000366.json | 282 ++++++++++----------- 2017/1000xxx/CVE-2017-1000376.json | 142 +++++------ 2017/18xxx/CVE-2017-18223.json | 120 ++++----- 2017/1xxx/CVE-2017-1070.json | 34 +-- 2017/1xxx/CVE-2017-1331.json | 166 ++++++------ 2017/1xxx/CVE-2017-1360.json | 34 +-- 2017/1xxx/CVE-2017-1516.json | 388 ++++++++++++++--------------- 2017/1xxx/CVE-2017-1616.json | 34 +-- 2017/1xxx/CVE-2017-1743.json | 170 ++++++------- 2017/5xxx/CVE-2017-5256.json | 120 ++++----- 2017/5xxx/CVE-2017-5571.json | 170 ++++++------- 2017/5xxx/CVE-2017-5825.json | 142 +++++------ 56 files changed, 4091 insertions(+), 4091 deletions(-) diff --git a/2006/2xxx/CVE-2006-2294.json b/2006/2xxx/CVE-2006-2294.json index c17e709a0bd..2a667eaa420 100644 --- a/2006/2xxx/CVE-2006-2294.json +++ b/2006/2xxx/CVE-2006-2294.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows remote attackers to inject arbitrary web script or HTML via the pfad parameter in (1) index.php and (2) galerie.php. NOTE: this issue might be resultant from directory traversal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html", - "refsource" : "MISC", - "url" : "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html" - }, - { - "name" : "17896", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17896" - }, - { - "name" : "ADV-2006-1699", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1699" - }, - { - "name" : "25443", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25443" - }, - { - "name" : "25444", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25444" - }, - { - "name" : "19995", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows remote attackers to inject arbitrary web script or HTML via the pfad parameter in (1) index.php and (2) galerie.php. NOTE: this issue might be resultant from directory traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1699", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1699" + }, + { + "name": "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html", + "refsource": "MISC", + "url": "http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html" + }, + { + "name": "17896", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17896" + }, + { + "name": "25444", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25444" + }, + { + "name": "25443", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25443" + }, + { + "name": "19995", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19995" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3185.json b/2006/3xxx/CVE-2006-3185.json index 2a31c860a2c..50dd668adc8 100644 --- a/2006/3xxx/CVE-2006-3185.json +++ b/2006/3xxx/CVE-2006-3185.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in data/header.php in CMS Faethon 1.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060617 [ECHO_ADV_33$2006] CMS Faethon 1.3.2 mainpath Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437492/100/0/threaded" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv33-K-159-2006.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv33-K-159-2006.txt" - }, - { - "name" : "18489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18489" - }, - { - "name" : "ADV-2006-2409", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2409" - }, - { - "name" : "20713", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20713" - }, - { - "name" : "1127", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1127" - }, - { - "name" : "cms-faethon-dataheader-file-include(27330)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in data/header.php in CMS Faethon 1.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://advisories.echo.or.id/adv/adv33-K-159-2006.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv33-K-159-2006.txt" + }, + { + "name": "20713", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20713" + }, + { + "name": "cms-faethon-dataheader-file-include(27330)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27330" + }, + { + "name": "1127", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1127" + }, + { + "name": "20060617 [ECHO_ADV_33$2006] CMS Faethon 1.3.2 mainpath Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437492/100/0/threaded" + }, + { + "name": "18489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18489" + }, + { + "name": "ADV-2006-2409", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2409" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3507.json b/2006/3xxx/CVE-2006-3507.json index 1fa9a47fd9a..cfd4a9ae8a5 100644 --- a/2006/3xxx/CVE-2006-3507.json +++ b/2006/3xxx/CVE-2006-3507.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2006-09-21", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html" - }, - { - "name" : "VU#867796", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/867796" - }, - { - "name" : "20144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20144" - }, - { - "name" : "ADV-2006-3737", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3737" - }, - { - "name" : "1016903", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016903" - }, - { - "name" : "22068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22068" + }, + { + "name": "ADV-2006-3737", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3737" + }, + { + "name": "APPLE-SA-2006-09-21", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html" + }, + { + "name": "VU#867796", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/867796" + }, + { + "name": "1016903", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016903" + }, + { + "name": "20144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20144" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3524.json b/2006/3xxx/CVE-2006-3524.json index e0e7507be2b..8395a4143a3 100644 --- a/2006/3xxx/CVE-2006-3524.json +++ b/2006/3xxx/CVE-2006-3524.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060710 ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439617/100/0/threaded" - }, - { - "name" : "20060711 Re: [Full-disclosure] ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440135/100/0/threaded" - }, - { - "name" : "20060710 ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047757.html" - }, - { - "name" : "20060711 ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047794.html" - }, - { - "name" : "18906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18906" - }, - { - "name" : "ADV-2006-2735", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2735" - }, - { - "name" : "27122", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27122" - }, - { - "name" : "1016455", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016455" - }, - { - "name" : "20997", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20997" - }, - { - "name" : "sipxtapi-cseq-bo(27681)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2735", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2735" + }, + { + "name": "27122", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27122" + }, + { + "name": "20997", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20997" + }, + { + "name": "sipxtapi-cseq-bo(27681)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27681" + }, + { + "name": "20060711 ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047794.html" + }, + { + "name": "20060710 ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047757.html" + }, + { + "name": "18906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18906" + }, + { + "name": "20060711 Re: [Full-disclosure] ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440135/100/0/threaded" + }, + { + "name": "1016455", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016455" + }, + { + "name": "20060710 ERNW Security Advisory 02/2006 - Buffer Overflow in sipXtapi (used in AOL Triton)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439617/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3562.json b/2006/3xxx/CVE-2006-3562.json index 86a65ee69be..fa783f7b7e7 100644 --- a/2006/3xxx/CVE-2006-3562.json +++ b/2006/3xxx/CVE-2006-3562.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060702 plume-cms v1.0.4 Multiple Remote File include", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438948/100/100/threaded" - }, - { - "name" : "18780", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18780" - }, - { - "name" : "1016426", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016426" - }, - { - "name" : "1220", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1220" - }, - { - "name" : "plumecms-multiple-scripts-file-include(27530)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18780", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18780" + }, + { + "name": "20060702 plume-cms v1.0.4 Multiple Remote File include", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438948/100/100/threaded" + }, + { + "name": "plumecms-multiple-scripts-file-include(27530)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27530" + }, + { + "name": "1220", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1220" + }, + { + "name": "1016426", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016426" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6243.json b/2006/6xxx/CVE-2006-6243.json index e231189fa67..c42287d9fe3 100644 --- a/2006/6xxx/CVE-2006-6243.json +++ b/2006/6xxx/CVE-2006-6243.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061126 [Aria-Security Team] FipsSHOP SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453029/100/0/threaded" - }, - { - "name" : "http://www.aria-security.com/forum/showthread.php?t=46", - "refsource" : "MISC", - "url" : "http://www.aria-security.com/forum/showthread.php?t=46" - }, - { - "name" : "21289", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21289" - }, - { - "name" : "ADV-2006-4779", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4779" - }, - { - "name" : "23147", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23147" - }, - { - "name" : "1959", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4779", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4779" + }, + { + "name": "1959", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1959" + }, + { + "name": "http://www.aria-security.com/forum/showthread.php?t=46", + "refsource": "MISC", + "url": "http://www.aria-security.com/forum/showthread.php?t=46" + }, + { + "name": "23147", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23147" + }, + { + "name": "20061126 [Aria-Security Team] FipsSHOP SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453029/100/0/threaded" + }, + { + "name": "21289", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21289" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6712.json b/2006/6xxx/CVE-2006-6712.json index 07e3b58dfcf..5ceed0dd54f 100644 --- a/2006/6xxx/CVE-2006-6712.json +++ b/2006/6xxx/CVE-2006-6712.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dl.sugarforge.org/sugardocs/Notes/ReleaseNotes/SugarOpenSource_ReleaseNotes_4.5.0g.pdf", - "refsource" : "CONFIRM", - "url" : "http://dl.sugarforge.org/sugardocs/Notes/ReleaseNotes/SugarOpenSource_ReleaseNotes_4.5.0g.pdf" - }, - { - "name" : "JVN#74079537", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2374079537/index.html" - }, - { - "name" : "21694", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21694" - }, - { - "name" : "ADV-2006-5100", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5100" - }, - { - "name" : "1017434", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017434" - }, - { - "name" : "23424", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017434", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017434" + }, + { + "name": "JVN#74079537", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2374079537/index.html" + }, + { + "name": "ADV-2006-5100", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5100" + }, + { + "name": "23424", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23424" + }, + { + "name": "21694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21694" + }, + { + "name": "http://dl.sugarforge.org/sugardocs/Notes/ReleaseNotes/SugarOpenSource_ReleaseNotes_4.5.0g.pdf", + "refsource": "CONFIRM", + "url": "http://dl.sugarforge.org/sugardocs/Notes/ReleaseNotes/SugarOpenSource_ReleaseNotes_4.5.0g.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6748.json b/2006/6xxx/CVE-2006-6748.json index 5596be2b3dd..e6eb65c0830 100644 --- a/2006/6xxx/CVE-2006-6748.json +++ b/2006/6xxx/CVE-2006-6748.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-5118", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5118", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5118" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6792.json b/2006/6xxx/CVE-2006-6792.json index a196ca2ad22..695d9217c00 100644 --- a/2006/6xxx/CVE-2006-6792.json +++ b/2006/6xxx/CVE-2006-6792.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2993", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2993" - }, - { - "name" : "21763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21763" - }, - { - "name" : "ADV-2006-5151", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5151" - }, - { - "name" : "23515", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5151", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5151" + }, + { + "name": "21763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21763" + }, + { + "name": "23515", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23515" + }, + { + "name": "2993", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2993" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6809.json b/2006/6xxx/CVE-2006-6809.json index a869a073b7f..4773f953bb8 100644 --- a/2006/6xxx/CVE-2006-6809.json +++ b/2006/6xxx/CVE-2006-6809.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3026", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3026" - }, - { - "name" : "21793", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21793" - }, - { - "name" : "ADV-2006-5195", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5195" - }, - { - "name" : "bubla-process-file-include(31135)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5195", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5195" + }, + { + "name": "bubla-process-file-include(31135)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31135" + }, + { + "name": "3026", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3026" + }, + { + "name": "21793", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21793" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6971.json b/2006/6xxx/CVE-2006-6971.json index 78cf96934a6..ae89d286165 100644 --- a/2006/6xxx/CVE-2006-6971.json +++ b/2006/6xxx/CVE-2006-6971.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sla.ckers.org/forum/read.php?13,2253", - "refsource" : "MISC", - "url" : "http://sla.ckers.org/forum/read.php?13,2253" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=356355", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=356355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=356355", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=356355" + }, + { + "name": "http://sla.ckers.org/forum/read.php?13,2253", + "refsource": "MISC", + "url": "http://sla.ckers.org/forum/read.php?13,2253" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0008.json b/2011/0xxx/CVE-2011-0008.json index 8dc631140d1..99bc59cb7f6 100644 --- a/2011/0xxx/CVE-2011-0008.json +++ b/2011/0xxx/CVE-2011-0008.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=668843", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=668843" - }, - { - "name" : "FEDORA-2011-0470", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html" - }, - { - "name" : "FEDORA-2011-0455", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html" - }, - { - "name" : "MDVSA-2011:018", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018" - }, - { - "name" : "42968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42968" - }, - { - "name" : "ADV-2011-0195", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0195" - }, - { - "name" : "ADV-2011-0199", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0199" - }, - { - "name" : "sudo-parse-privilege-escalation(64965)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:018", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018" + }, + { + "name": "FEDORA-2011-0470", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html" + }, + { + "name": "ADV-2011-0199", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0199" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=668843", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=668843" + }, + { + "name": "sudo-parse-privilege-escalation(64965)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64965" + }, + { + "name": "FEDORA-2011-0455", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html" + }, + { + "name": "ADV-2011-0195", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0195" + }, + { + "name": "42968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42968" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0654.json b/2011/0xxx/CVE-2011-0654.json index 82f9ce4bcbe..8f2c9d60c5a 100644 --- a/2011/0xxx/CVE-2011-0654.json +++ b/2011/0xxx/CVE-2011-0654.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka \"Browser Pool Corruption Vulnerability.\" NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16166", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16166" - }, - { - "name" : "20110214 MS Windows Server 2003 AD Pre-Auth BROWSER ELECTION Remote Heap Overflow", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0284.html" - }, - { - "name" : "http://blogs.technet.com/b/mmpc/archive/2011/02/16/my-sweet-valentine-the-cifs-browser-protocol-heap-corruption-vulnerability.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/mmpc/archive/2011/02/16/my-sweet-valentine-the-cifs-browser-protocol-heap-corruption-vulnerability.aspx" - }, - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx" - }, - { - "name" : "MS11-019", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-019" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "VU#323172", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/323172" - }, - { - "name" : "46360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46360" - }, - { - "name" : "oval:org.mitre.oval:def:12637", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12637" - }, - { - "name" : "1025328", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025328" - }, - { - "name" : "43299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43299" - }, - { - "name" : "ADV-2011-0394", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0394" - }, - { - "name" : "ADV-2011-0938", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0938" - }, - { - "name" : "ms-win-server-browser-bo(65376)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka \"Browser Pool Corruption Vulnerability.\" NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blogs.technet.com/b/mmpc/archive/2011/02/16/my-sweet-valentine-the-cifs-browser-protocol-heap-corruption-vulnerability.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/mmpc/archive/2011/02/16/my-sweet-valentine-the-cifs-browser-protocol-heap-corruption-vulnerability.aspx" + }, + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "VU#323172", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/323172" + }, + { + "name": "16166", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16166" + }, + { + "name": "ADV-2011-0394", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0394" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx" + }, + { + "name": "1025328", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025328" + }, + { + "name": "20110214 MS Windows Server 2003 AD Pre-Auth BROWSER ELECTION Remote Heap Overflow", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0284.html" + }, + { + "name": "46360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46360" + }, + { + "name": "ADV-2011-0938", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0938" + }, + { + "name": "43299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43299" + }, + { + "name": "ms-win-server-browser-bo(65376)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65376" + }, + { + "name": "MS11-019", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-019" + }, + { + "name": "oval:org.mitre.oval:def:12637", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12637" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0805.json b/2011/0xxx/CVE-2011-0805.json index 16b5931f8da..cccde3e1617 100644 --- a/2011/0xxx/CVE-2011-0805.json +++ b/2011/0xxx/CVE-2011-0805.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the UIX component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the UIX component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0845.json b/2011/0xxx/CVE-2011-0845.json index dd0a309b8d0..20ca62d2e6c 100644 --- a/2011/0xxx/CVE-2011-0845.json +++ b/2011/0xxx/CVE-2011-0845.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Database Control component in Oracle Enterprise Manager Grid Control 10.1.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - }, - { - "name" : "48794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Database Control component in Oracle Enterprise Manager Grid Control 10.1.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "48794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48794" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0935.json b/2011/0xxx/CVE-2011-0935.json index 9e2768b2e59..6e9b607241a 100644 --- a/2011/0xxx/CVE-2011-0935.json +++ b/2011/0xxx/CVE-2011-0935.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html" - }, - { - "name" : "http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.html" - }, - { - "name" : "47407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html" + }, + { + "name": "http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/ios/15_1s/release/notes/15_1s_caveats_15_1_1s.html" + }, + { + "name": "47407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47407" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1111.json b/2011/1xxx/CVE-2011-1111.json index 3418532a4f3..ba7b8f44829 100644 --- a/2011/1xxx/CVE-2011-1111.json +++ b/2011/1xxx/CVE-2011-1111.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 9.0.597.107 does not properly implement forms controls, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=70078", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=70078" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" - }, - { - "name" : "46614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46614" - }, - { - "name" : "oval:org.mitre.oval:def:14245", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14245" - }, - { - "name" : "google-chrome-form-controls-unspecified(65729)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 9.0.597.107 does not properly implement forms controls, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=70078", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=70078" + }, + { + "name": "google-chrome-form-controls-unspecified(65729)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65729" + }, + { + "name": "oval:org.mitre.oval:def:14245", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14245" + }, + { + "name": "46614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46614" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1623.json b/2011/1xxx/CVE-2011-1623.json index 8fe501b6bb8..3bb40ff9205 100644 --- a/2011/1xxx/CVE-2011-1623.json +++ b/2011/1xxx/CVE-2011-1623.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-1623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110601 Default Credentials for root Account on the Cisco Media Experience Engine 5600", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80122.shtml" - }, - { - "name" : "48078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48078" - }, - { - "name" : "72721", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72721" - }, - { - "name" : "1025590", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025590" - }, - { - "name" : "cisco-mxe-default-password(67760)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72721", + "refsource": "OSVDB", + "url": "http://osvdb.org/72721" + }, + { + "name": "cisco-mxe-default-password(67760)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67760" + }, + { + "name": "48078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48078" + }, + { + "name": "20110601 Default Credentials for root Account on the Cisco Media Experience Engine 5600", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80122.shtml" + }, + { + "name": "1025590", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025590" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1695.json b/2011/1xxx/CVE-2011-1695.json index 9203b868414..e8ba0a1a21c 100644 --- a/2011/1xxx/CVE-2011-1695.json +++ b/2011/1xxx/CVE-2011-1695.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1695", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1695", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3249.json b/2011/3xxx/CVE-2011-3249.json index ded09eca7f2..1c6ec0e2872 100644 --- a/2011/3xxx/CVE-2011-3249.json +++ b/2011/3xxx/CVE-2011-3249.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5016", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5016" - }, - { - "name" : "http://support.apple.com/kb/HT5130", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5130" - }, - { - "name" : "APPLE-SA-2012-02-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" - }, - { - "name" : "oval:org.mitre.oval:def:16130", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5130", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5130" + }, + { + "name": "APPLE-SA-2012-02-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:16130", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16130" + }, + { + "name": "http://support.apple.com/kb/HT5016", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5016" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3445.json b/2011/3xxx/CVE-2011-3445.json index 35525d1eaed..74f3546cd1f 100644 --- a/2011/3xxx/CVE-2011-3445.json +++ b/2011/3xxx/CVE-2011-3445.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3445", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3445", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4122.json b/2011/4xxx/CVE-2011-4122.json index f71d8d277eb..26befbe59db 100644 --- a/2011/4xxx/CVE-2011-4122.json +++ b/2011/4xxx/CVE-2011-4122.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111207 Disputing CVE-2011-4122", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/12/07/3" - }, - { - "name" : "[oss-security] 20111208 Re: Disputing CVE-2011-4122", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/12/08/9" - }, - { - "name" : "http://c-skills.blogspot.com/2011/11/openpam-trickery.html", - "refsource" : "MISC", - "url" : "http://c-skills.blogspot.com/2011/11/openpam-trickery.html" - }, - { - "name" : "http://stealth.openwall.net/xSports/pamslam", - "refsource" : "MISC", - "url" : "http://stealth.openwall.net/xSports/pamslam" - }, - { - "name" : "http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c", - "refsource" : "CONFIRM", - "url" : "http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c" - }, - { - "name" : "76945", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76945" - }, - { - "name" : "46756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46756" - }, - { - "name" : "46804", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46804" - }, - { - "name" : "openpam-Pamstart-privilege-escalation(71205)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://stealth.openwall.net/xSports/pamslam", + "refsource": "MISC", + "url": "http://stealth.openwall.net/xSports/pamslam" + }, + { + "name": "46756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46756" + }, + { + "name": "[oss-security] 20111207 Disputing CVE-2011-4122", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/12/07/3" + }, + { + "name": "http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c", + "refsource": "CONFIRM", + "url": "http://trac.des.no/openpam/changeset/478/trunk/lib/openpam_configure.c" + }, + { + "name": "openpam-Pamstart-privilege-escalation(71205)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71205" + }, + { + "name": "76945", + "refsource": "OSVDB", + "url": "http://osvdb.org/76945" + }, + { + "name": "http://c-skills.blogspot.com/2011/11/openpam-trickery.html", + "refsource": "MISC", + "url": "http://c-skills.blogspot.com/2011/11/openpam-trickery.html" + }, + { + "name": "[oss-security] 20111208 Re: Disputing CVE-2011-4122", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/12/08/9" + }, + { + "name": "46804", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46804" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4783.json b/2011/4xxx/CVE-2011-4783.json index 1a02f2934f8..cbbdf88e8d5 100644 --- a/2011/4xxx/CVE-2011-4783.json +++ b/2011/4xxx/CVE-2011-4783.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://technet.microsoft.com/en-us/security/msvr/msvr11-015", - "refsource" : "MISC", - "url" : "http://technet.microsoft.com/en-us/security/msvr/msvr11-015" - }, - { - "name" : "http://code.google.com/p/idapython/downloads/detail?name=idapython-1.5.2.3_ida6.1_py2.6_win32.zip", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/idapython/downloads/detail?name=idapython-1.5.2.3_ida6.1_py2.6_win32.zip" - }, - { - "name" : "http://code.google.com/p/idapython/source/detail?r=361", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/idapython/source/detail?r=361" - }, - { - "name" : "47295", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47295" - }, - { - "name" : "idapro-idb-code-execution(71936)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47295", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47295" + }, + { + "name": "idapro-idb-code-execution(71936)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71936" + }, + { + "name": "http://code.google.com/p/idapython/source/detail?r=361", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/idapython/source/detail?r=361" + }, + { + "name": "http://code.google.com/p/idapython/downloads/detail?name=idapython-1.5.2.3_ida6.1_py2.6_win32.zip", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/idapython/downloads/detail?name=idapython-1.5.2.3_ida6.1_py2.6_win32.zip" + }, + { + "name": "http://technet.microsoft.com/en-us/security/msvr/msvr11-015", + "refsource": "MISC", + "url": "http://technet.microsoft.com/en-us/security/msvr/msvr11-015" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4848.json b/2011/4xxx/CVE-2011-4848.json index ca446c229d7..8645e726e20 100644 --- a/2011/4xxx/CVE-2011-4848.json +++ b/2011/4xxx/CVE-2011-4848.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in certain files under client@1/domain@1/backup/local-repository/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html", - "refsource" : "MISC", - "url" : "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html" - }, - { - "name" : "ppp-cp-httpresponse-info-disc(72223)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in certain files under client@1/domain@1/backup/local-repository/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ppp-cp-httpresponse-info-disc(72223)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72223" + }, + { + "name": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html", + "refsource": "MISC", + "url": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5890.json b/2013/5xxx/CVE-2013-5890.json index aeb16448661..c8802b1b38c 100644 --- a/2013/5xxx/CVE-2013-5890.json +++ b/2013/5xxx/CVE-2013-5890.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Exception Reporting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64816" - }, - { - "name" : "102104", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/102104" - }, - { - "name" : "1029619", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029619" - }, - { - "name" : "56471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Exception Reporting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029619", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029619" + }, + { + "name": "64816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64816" + }, + { + "name": "102104", + "refsource": "OSVDB", + "url": "http://osvdb.org/102104" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "56471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56471" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2005.json b/2014/2xxx/CVE-2014-2005.json index 60d69dfe847..f6a86fb7a57 100644 --- a/2014/2xxx/CVE-2014-2005.json +++ b/2014/2xxx/CVE-2014-2005.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-2005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sophos.com/en-us/support/knowledgebase/121066.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.sophos.com/en-us/support/knowledgebase/121066.aspx" - }, - { - "name" : "JVN#63940326", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN63940326/index.html" - }, - { - "name" : "JVNDB-2014-000061", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000061" - }, - { - "name" : "68169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2014-000061", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000061" + }, + { + "name": "http://www.sophos.com/en-us/support/knowledgebase/121066.aspx", + "refsource": "CONFIRM", + "url": "http://www.sophos.com/en-us/support/knowledgebase/121066.aspx" + }, + { + "name": "JVN#63940326", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN63940326/index.html" + }, + { + "name": "68169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68169" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2483.json b/2014/2xxx/CVE-2014-2483.json index 2805b2dd400..fe922465d9e 100644 --- a/2014/2xxx/CVE-2014-2483.json +++ b/2014/2xxx/CVE-2014-2483.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the \"use of privileged annotations.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003", - "refsource" : "CONFIRM", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1119626", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1119626" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "DSA-2987", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2987" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03091", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "SSRT101667", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "RHSA-2014:0902", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0902" - }, - { - "name" : "68608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68608" - }, - { - "name" : "1030577", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030577" - }, - { - "name" : "60485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60485" - }, - { - "name" : "60812", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the \"use of privileged annotations.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2987", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2987" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "HPSBUX03091", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "1030577", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030577" + }, + { + "name": "SSRT101667", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "60812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60812" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1119626", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119626" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "60485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60485" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003", + "refsource": "CONFIRM", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + }, + { + "name": "RHSA-2014:0902", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0902" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + }, + { + "name": "68608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68608" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2797.json b/2014/2xxx/CVE-2014-2797.json index 668295c1848..56d15ed9a80 100644 --- a/2014/2xxx/CVE-2014-2797.json +++ b/2014/2xxx/CVE-2014-2797.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" - }, - { - "name" : "68380", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68380" - }, - { - "name" : "1030532", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030532" - }, - { - "name" : "59775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" + }, + { + "name": "59775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59775" + }, + { + "name": "68380", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68380" + }, + { + "name": "1030532", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030532" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2813.json b/2014/2xxx/CVE-2014-2813.json index 0adf21503fc..de5b401ec9f 100644 --- a/2014/2xxx/CVE-2014-2813.json +++ b/2014/2xxx/CVE-2014-2813.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2786 and CVE-2014-2792." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" - }, - { - "name" : "68390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68390" - }, - { - "name" : "1030532", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030532" - }, - { - "name" : "59775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2786 and CVE-2014-2792." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" + }, + { + "name": "68390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68390" + }, + { + "name": "59775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59775" + }, + { + "name": "1030532", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030532" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6121.json b/2014/6xxx/CVE-2014-6121.json index 7a6148742f3..71f030f8309 100644 --- a/2014/6xxx/CVE-2014-6121.json +++ b/2014/6xxx/CVE-2014-6121.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693035", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693035" - }, - { - "name" : "1031427", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031427" - }, - { - "name" : "ibm-appscan-cve20146121-xss(96722)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031427", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031427" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693035", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693035" + }, + { + "name": "ibm-appscan-cve20146121-xss(96722)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96722" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6564.json b/2014/6xxx/CVE-2014-6564.json index b63ee9a5047..271f26ae897 100644 --- a/2014/6xxx/CVE-2014-6564.json +++ b/2014/6xxx/CVE-2014-6564.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "SUSE-SU-2015:0743", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" - }, - { - "name" : "70511", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70511", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70511" + }, + { + "name": "SUSE-SU-2015:0743", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6582.json b/2014/6xxx/CVE-2014-6582.json index f666db5f9b7..a5d5df76c17 100644 --- a/2014/6xxx/CVE-2014-6582.json +++ b/2014/6xxx/CVE-2014-6582.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6582", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle HCM Configuration Workbench component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Rapid Implementation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "1031579", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle HCM Configuration Workbench component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Rapid Implementation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "1031579", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031579" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6595.json b/2014/6xxx/CVE-2014-6595.json index 35fcc2f140b..7e11718a4eb 100644 --- a/2014/6xxx/CVE-2014-6595.json +++ b/2014/6xxx/CVE-2014-6595.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "GLSA-201612-27", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-27" - }, - { - "name" : "openSUSE-SU-2015:0229", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201612-27", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-27" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "openSUSE-SU-2015:0229", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6743.json b/2014/6xxx/CVE-2014-6743.json index 8d3db5980f4..4b2a8f773c7 100644 --- a/2014/6xxx/CVE-2014-6743.json +++ b/2014/6xxx/CVE-2014-6743.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Hearsay: A Social Party Game (aka air.com.lip.per) application 1.7.000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#436329", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/436329" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hearsay: A Social Party Game (aka air.com.lip.per) application 1.7.000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#436329", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/436329" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6787.json b/2014/6xxx/CVE-2014-6787.json index ba35ff64264..19739837b64 100644 --- a/2014/6xxx/CVE-2014-6787.json +++ b/2014/6xxx/CVE-2014-6787.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Counter Intuition (aka com.counter.intuition) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#690033", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/690033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Counter Intuition (aka com.counter.intuition) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#690033", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/690033" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7075.json b/2014/7xxx/CVE-2014-7075.json index 34ef2b9e089..16b58afd20d 100644 --- a/2014/7xxx/CVE-2014-7075.json +++ b/2014/7xxx/CVE-2014-7075.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#460353", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/460353" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#460353", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/460353" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7245.json b/2014/7xxx/CVE-2014-7245.json index a4be73c4c5d..3072bd89910 100644 --- a/2014/7xxx/CVE-2014-7245.json +++ b/2014/7xxx/CVE-2014-7245.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7245", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7245", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7328.json b/2014/7xxx/CVE-2014-7328.json index 5657b6066e2..78d8d5ed535 100644 --- a/2014/7xxx/CVE-2014-7328.json +++ b/2014/7xxx/CVE-2014-7328.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The brain abundance info (aka com.wbrainabundance) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#556361", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/556361" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The brain abundance info (aka com.wbrainabundance) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#556361", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/556361" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7652.json b/2014/7xxx/CVE-2014-7652.json index 503a9f652ed..48dbb1fa5d9 100644 --- a/2014/7xxx/CVE-2014-7652.json +++ b/2014/7xxx/CVE-2014-7652.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Magicam Photo Magic Editor (aka mobi.magicam.editor) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#671377", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/671377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Magicam Photo Magic Editor (aka mobi.magicam.editor) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#671377", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/671377" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0168.json b/2017/0xxx/CVE-2017-0168.json index e367beb818e..2d66c6e4d7e 100644 --- a/2017/0xxx/CVE-2017-0168.json +++ b/2017/0xxx/CVE-2017-0168.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Hyper-V", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This CVE ID is unique from CVE-2017-0169." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Hyper-V", + "version": { + "version_data": [ + { + "version_value": "Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168" - }, - { - "name" : "97418", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97418" - }, - { - "name" : "1038232", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This CVE ID is unique from CVE-2017-0169." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038232", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038232" + }, + { + "name": "97418", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97418" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0512.json b/2017/0xxx/CVE-2017-0512.json index ab1b118b7d9..322f134ba1c 100644 --- a/2017/0xxx/CVE-2017-0512.json +++ b/2017/0xxx/CVE-2017-0512.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0512", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0512", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0664.json b/2017/0xxx/CVE-2017-0664.json index e865bde2e37..fecb7d5155b 100644 --- a/2017/0xxx/CVE-2017-0664.json +++ b/2017/0xxx/CVE-2017-0664.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-07-05T00:00:00", - "ID" : "CVE-2017-0664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36491278." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-07-05T00:00:00", + "ID": "CVE-2017-0664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36491278." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99470" + }, + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0887.json b/2017/0xxx/CVE-2017-0887.json index e0d025903b0..5300403c73b 100644 --- a/2017/0xxx/CVE-2017-0887.json +++ b/2017/0xxx/CVE-2017-0887.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2017-0887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nextcloud Server", - "version" : { - "version_data" : [ - { - "version_value" : "All versions before 9.0.55 and 10.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Nextcloud" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reliance on Untrusted Inputs in a Security Decision (CWE-807)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2017-0887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server", + "version": { + "version_data": [ + { + "version_value": "All versions before 9.0.55 and 10.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Nextcloud" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/173622", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/173622" - }, - { - "name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-005", - "refsource" : "CONFIRM", - "url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reliance on Untrusted Inputs in a Security Decision (CWE-807)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-005", + "refsource": "CONFIRM", + "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-005" + }, + { + "name": "https://hackerone.com/reports/173622", + "refsource": "MISC", + "url": "https://hackerone.com/reports/173622" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0931.json b/2017/0xxx/CVE-2017-0931.json index a07c5416a1c..29d839f3805 100644 --- a/2017/0xxx/CVE-2017-0931.json +++ b/2017/0xxx/CVE-2017-0931.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-0931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "html-janitor node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting (XSS) - Generic (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-0931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "html-janitor node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/guardian/html-janitor/issues/34", - "refsource" : "MISC", - "url" : "https://github.com/guardian/html-janitor/issues/34" - }, - { - "name" : "https://hackerone.com/reports/308155", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/308155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Generic (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/guardian/html-janitor/issues/34", + "refsource": "MISC", + "url": "https://github.com/guardian/html-janitor/issues/34" + }, + { + "name": "https://hackerone.com/reports/308155", + "refsource": "MISC", + "url": "https://hackerone.com/reports/308155" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000366.json b/2017/1000xxx/CVE-2017-1000366.json index 1881c6b3743..47c605b8018 100644 --- a/2017/1000xxx/CVE-2017-1000366.json +++ b/2017/1000xxx/CVE-2017-1000366.json @@ -1,143 +1,143 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1000366", - "REQUESTER" : "qsa@qualys.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "glibc", - "version" : { - "version_data" : [ - { - "version_value" : "2.25" - } - ] - } - } - ] - }, - "vendor_name" : "GNU Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "A specific CWE doesn't exist, listing as unknown for now" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1000366", + "REQUESTER": "qsa@qualys.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42274", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42274/" - }, - { - "name" : "42275", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42275/" - }, - { - "name" : "42276", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42276/" - }, - { - "name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", - "refsource" : "MISC", - "url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" - }, - { - "name" : "https://access.redhat.com/security/cve/CVE-2017-1000366", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/security/cve/CVE-2017-1000366" - }, - { - "name" : "https://www.suse.com/security/cve/CVE-2017-1000366/", - "refsource" : "CONFIRM", - "url" : "https://www.suse.com/security/cve/CVE-2017-1000366/" - }, - { - "name" : "https://www.suse.com/support/kb/doc/?id=7020973", - "refsource" : "CONFIRM", - "url" : "https://www.suse.com/support/kb/doc/?id=7020973" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10205", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10205" - }, - { - "name" : "DSA-3887", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3887" - }, - { - "name" : "GLSA-201706-19", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-19" - }, - { - "name" : "RHSA-2017:1479", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1479" - }, - { - "name" : "RHSA-2017:1480", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1480" - }, - { - "name" : "RHSA-2017:1481", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1481" - }, - { - "name" : "RHSA-2017:1567", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1567" - }, - { - "name" : "RHSA-2017:1712", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1712" - }, - { - "name" : "99127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99127" - }, - { - "name" : "1038712", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038712" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", + "refsource": "MISC", + "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" + }, + { + "name": "1038712", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038712" + }, + { + "name": "42275", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42275/" + }, + { + "name": "RHSA-2017:1712", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1712" + }, + { + "name": "https://www.suse.com/security/cve/CVE-2017-1000366/", + "refsource": "CONFIRM", + "url": "https://www.suse.com/security/cve/CVE-2017-1000366/" + }, + { + "name": "RHSA-2017:1479", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1479" + }, + { + "name": "RHSA-2017:1480", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1480" + }, + { + "name": "99127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99127" + }, + { + "name": "42276", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42276/" + }, + { + "name": "https://www.suse.com/support/kb/doc/?id=7020973", + "refsource": "CONFIRM", + "url": "https://www.suse.com/support/kb/doc/?id=7020973" + }, + { + "name": "RHSA-2017:1567", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1567" + }, + { + "name": "42274", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42274/" + }, + { + "name": "https://access.redhat.com/security/cve/CVE-2017-1000366", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/cve/CVE-2017-1000366" + }, + { + "name": "RHSA-2017:1481", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1481" + }, + { + "name": "DSA-3887", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3887" + }, + { + "name": "GLSA-201706-19", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-19" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10205", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10205" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000376.json b/2017/1000xxx/CVE-2017-1000376.json index 03b423fc245..a07bd991ce7 100644 --- a/2017/1000xxx/CVE-2017-1000376.json +++ b/2017/1000xxx/CVE-2017-1000376.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1000376", - "REQUESTER" : "qsa@qualys.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "libffi", - "version" : { - "version_data" : [ - { - "version_value" : "3.1" - } - ] - } - } - ] - }, - "vendor_name" : "libffi" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Requests executable stack" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1000376", + "REQUESTER": "qsa@qualys.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", - "refsource" : "MISC", - "url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" - }, - { - "name" : "https://access.redhat.com/security/cve/CVE-2017-1000376", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/security/cve/CVE-2017-1000376" - }, - { - "name" : "DSA-3889", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", + "refsource": "MISC", + "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" + }, + { + "name": "https://access.redhat.com/security/cve/CVE-2017-1000376", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/cve/CVE-2017-1000376" + }, + { + "name": "DSA-3889", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3889" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18223.json b/2017/18xxx/CVE-2017-18223.json index 8489bd3f248..8c9a791fc7f 100644 --- a/2017/18xxx/CVE-2017-18223.json +++ b/2017/18xxx/CVE-2017-18223.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://communities.bmc.com/thread/165887", - "refsource" : "CONFIRM", - "url" : "https://communities.bmc.com/thread/165887" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://communities.bmc.com/thread/165887", + "refsource": "CONFIRM", + "url": "https://communities.bmc.com/thread/165887" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1070.json b/2017/1xxx/CVE-2017-1070.json index 4bfeed34ce9..d0139750e4c 100644 --- a/2017/1xxx/CVE-2017-1070.json +++ b/2017/1xxx/CVE-2017-1070.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1070", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1070", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1331.json b/2017/1xxx/CVE-2017-1331.json index 3861c62c61e..f57dc54fb1e 100644 --- a/2017/1xxx/CVE-2017-1331.json +++ b/2017/1xxx/CVE-2017-1331.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-02T00:00:00", - "ID" : "CVE-2017-1331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Content Navigator", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0" - }, - { - "version_value" : "2.0.3.5" - }, - { - "version_value" : "2.0.3.6" - }, - { - "version_value" : "2.0.3.7" - }, - { - "version_value" : "2.0.3.8" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126233." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-02T00:00:00", + "ID": "CVE-2017-1331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Content Navigator", + "version": { + "version_data": [ + { + "version_value": "3.0.0" + }, + { + "version_value": "2.0.3.5" + }, + { + "version_value": "2.0.3.6" + }, + { + "version_value": "2.0.3.7" + }, + { + "version_value": "2.0.3.8" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126233", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126233" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22003928", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22003928" - }, - { - "name" : "100120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126233." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126233", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126233" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22003928", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22003928" + }, + { + "name": "100120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100120" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1360.json b/2017/1xxx/CVE-2017-1360.json index e474d5ece00..eb2dd3950ec 100644 --- a/2017/1xxx/CVE-2017-1360.json +++ b/2017/1xxx/CVE-2017-1360.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1360", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1360", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1516.json b/2017/1xxx/CVE-2017-1516.json index 068e3781eb5..c06587e6940 100644 --- a/2017/1xxx/CVE-2017-1516.json +++ b/2017/1xxx/CVE-2017-1516.json @@ -1,196 +1,196 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-23T00:00:00", - "ID" : "CVE-2017-1516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational DOORS", - "version" : { - "version_data" : [ - { - "version_value" : "9.5" - }, - { - "version_value" : "9.5.0.1" - }, - { - "version_value" : "9.5.1" - }, - { - "version_value" : "9.5.1.1" - }, - { - "version_value" : "9.5.1.2" - }, - { - "version_value" : "9.5.2" - }, - { - "version_value" : "9.5.2.1" - }, - { - "version_value" : "9.6" - }, - { - "version_value" : "9.5.0.2" - }, - { - "version_value" : "9.5.0.3" - }, - { - "version_value" : "9.5.1.3" - }, - { - "version_value" : "9.5.1.4" - }, - { - "version_value" : "9.5.2.2" - }, - { - "version_value" : "9.5.2.3" - }, - { - "version_value" : "9.6.0.1" - }, - { - "version_value" : "9.6.0.2" - }, - { - "version_value" : "9.6.1" - }, - { - "version_value" : "9.6.1.1" - }, - { - "version_value" : "9.5.0.4" - }, - { - "version_value" : "9.5.1.5" - }, - { - "version_value" : "9.5.2.4" - }, - { - "version_value" : "9.6.0.3" - }, - { - "version_value" : "9.6.1.2" - }, - { - "version_value" : "9.6.1.3" - }, - { - "version_value" : "9.6.1.4" - }, - { - "version_value" : "9.5.0.5" - }, - { - "version_value" : "9.5.1.6" - }, - { - "version_value" : "9.5.2.5" - }, - { - "version_value" : "9.6.0.4" - }, - { - "version_value" : "9.5.0.6" - }, - { - "version_value" : "9.5.1.7" - }, - { - "version_value" : "9.5.2.6" - }, - { - "version_value" : "9.6.0.5" - }, - { - "version_value" : "9.6.1.5" - }, - { - "version_value" : "9.6.1.6" - }, - { - "version_value" : "9.6.1.7" - }, - { - "version_value" : "9.5.0.7" - }, - { - "version_value" : "9.5.1.8" - }, - { - "version_value" : "9.5.2.7" - }, - { - "version_value" : "9.6.0.6" - }, - { - "version_value" : "9.6.1.8" - }, - { - "version_value" : "9.6.1.9" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-23T00:00:00", + "ID": "CVE-2017-1516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational DOORS", + "version": { + "version_data": [ + { + "version_value": "9.5" + }, + { + "version_value": "9.5.0.1" + }, + { + "version_value": "9.5.1" + }, + { + "version_value": "9.5.1.1" + }, + { + "version_value": "9.5.1.2" + }, + { + "version_value": "9.5.2" + }, + { + "version_value": "9.5.2.1" + }, + { + "version_value": "9.6" + }, + { + "version_value": "9.5.0.2" + }, + { + "version_value": "9.5.0.3" + }, + { + "version_value": "9.5.1.3" + }, + { + "version_value": "9.5.1.4" + }, + { + "version_value": "9.5.2.2" + }, + { + "version_value": "9.5.2.3" + }, + { + "version_value": "9.6.0.1" + }, + { + "version_value": "9.6.0.2" + }, + { + "version_value": "9.6.1" + }, + { + "version_value": "9.6.1.1" + }, + { + "version_value": "9.5.0.4" + }, + { + "version_value": "9.5.1.5" + }, + { + "version_value": "9.5.2.4" + }, + { + "version_value": "9.6.0.3" + }, + { + "version_value": "9.6.1.2" + }, + { + "version_value": "9.6.1.3" + }, + { + "version_value": "9.6.1.4" + }, + { + "version_value": "9.5.0.5" + }, + { + "version_value": "9.5.1.6" + }, + { + "version_value": "9.5.2.5" + }, + { + "version_value": "9.6.0.4" + }, + { + "version_value": "9.5.0.6" + }, + { + "version_value": "9.5.1.7" + }, + { + "version_value": "9.5.2.6" + }, + { + "version_value": "9.6.0.5" + }, + { + "version_value": "9.6.1.5" + }, + { + "version_value": "9.6.1.6" + }, + { + "version_value": "9.6.1.7" + }, + { + "version_value": "9.5.0.7" + }, + { + "version_value": "9.5.1.8" + }, + { + "version_value": "9.5.2.7" + }, + { + "version_value": "9.6.0.6" + }, + { + "version_value": "9.6.1.8" + }, + { + "version_value": "9.6.1.9" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012789", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012789" - }, - { - "name" : "102867", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012789", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789" + }, + { + "name": "102867", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102867" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1616.json b/2017/1xxx/CVE-2017-1616.json index bde1ded17dd..a8e9be0b2ec 100644 --- a/2017/1xxx/CVE-2017-1616.json +++ b/2017/1xxx/CVE-2017-1616.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1616", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1616", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1743.json b/2017/1xxx/CVE-2017-1743.json index 398b28969d0..9a8c97ef99f 100644 --- a/2017/1xxx/CVE-2017-1743.json +++ b/2017/1xxx/CVE-2017-1743.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-05-02T00:00:00", - "ID" : "CVE-2017-1743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-05-02T00:00:00", + "ID": "CVE-2017-1743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22013601", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013601" - }, - { - "name" : "104134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104134" - }, - { - "name" : "1040890", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040890" - }, - { - "name" : "ibm-websphere-cve20171743-info-disc(134933)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-websphere-cve20171743-info-disc(134933)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134933" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22013601", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22013601" + }, + { + "name": "1040890", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040890" + }, + { + "name": "104134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104134" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5256.json b/2017/5xxx/CVE-2017-5256.json index a6f8f255d5c..aa041a92e09 100644 --- a/2017/5xxx/CVE-2017-5256.json +++ b/2017/5xxx/CVE-2017-5256.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2017-5256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ePMP", - "version" : { - "version_data" : [ - { - "version_value" : "3.5 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Cambium Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2017-5256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ePMP", + "version": { + "version_data": [ + { + "version_value": "3.5 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Cambium Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5571.json b/2017/5xxx/CVE-2017-5571.json index 0e295cea8ef..c01ec0f9c8b 100644 --- a/2017/5xxx/CVE-2017-5571.json +++ b/2017/5xxx/CVE-2017-5571.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01" - }, - { - "name" : "https://support.citrix.com/article/CTX219885", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX219885" - }, - { - "name" : "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager", - "refsource" : "CONFIRM", - "url" : "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager" - }, - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/" - }, - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/" - }, - { - "name" : "96028", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager", + "refsource": "CONFIRM", + "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager" + }, + { + "name": "96028", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96028" + }, + { + "name": "https://support.citrix.com/article/CTX219885", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX219885" + }, + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/" + }, + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5825.json b/2017/5xxx/CVE-2017-5825.json index 0a3fd232286..d10f4187ff0 100644 --- a/2017/5xxx/CVE-2017-5825.json +++ b/2017/5xxx/CVE-2017-5825.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-05-25T00:00:00", - "ID" : "CVE-2017-5825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Aruba ClearPass Policy Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.6.x" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "privilage escalation" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-05-25T00:00:00", + "ID": "CVE-2017-5825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Aruba ClearPass Policy Manager", + "version": { + "version_data": [ + { + "version_value": "6.6.x" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us" - }, - { - "name" : "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt" - }, - { - "name" : "98722", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilage escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us" + }, + { + "name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt" + }, + { + "name": "98722", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98722" + } + ] + } +} \ No newline at end of file